
Log analysis and evaluation: Picexa.exe / search provider changed in browsers (Delta-Homes)

21.05.2015, 12:18   #1
Johannes85
 
Hello dear forum,

This morning I found the software Picexa.exe on my computer. I did NOT install it myself. In addition, in my browsers Firefox and Chrome the start pages, new-tab settings and default search providers had been changed (delta-homes.com). I also found two extensions in Firefox, "Search Start" (or similar) and one more (I am not sure about the names here), which I had not installed either.

I experienced the same phenomenon once before, a few weeks ago, with a strange "Un-Zip" program (name no longer known). That time, however, I was unsure whether the program had been installed by a house guest.

After coming across the topic http://www.trojaner-board.de/165893-...-browsern.html here on the board, I hope I can get similar help.

Steps so far:
(1) Uninstalled Picexa via "Programs and Features".
(2) Changed the browser settings to restore yesterday's state.
(3) Searched the event log for "suspicious" events.
(3.1) Security
Code:
ATTFilter
-- Microsoft Windows-Sicherheitsüberprüfung 21.05.2015 00:00:00 Ereignis 
4672 "Spezielle Anmeldung"
Antragsteller:
Sicherheits-ID: SYSTEM
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
         
(3.2) System
Code:
ATTFilter
-- Microsoft Antimalware 20.05.2015 19:09:59 Win32/FakeShak.A 
C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.Outlook\2SMHKJFC\DHL_Report_14260977432.pdf
-- Service Control Manager 21.05.2015 01:58:26 
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service 
wird als Dienst ausgeführt.
-- Service Control Manager 21.05.2015 01:59:17 IHProtect Service wird 
als Dienst ausgeführt.
-- Service Control Manager 21.05.2015 02:00:09 C:\Program Files 
(x86)\Picexa\PicexaSvc.exe wurde installiert
-- Microsoft Antimalware 21.05.2015 03:35:33 Der Verlauf von 
Schadsoftware ... wurde ... entfernt.
-- Microsoft Antimalware 21.05.2015 03:36:25 Der Signaturversion wurde 
... aktualisiert. Alt: 1.199.182.0, Neu: 1.199.280.0
         
(4) Ran Defogger.exe.
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:43 on 21/05/2015 (USERNAME)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
(5) Ran FRST64.exe.
(5.1) FRST.txt attached, because it is too large
(5.2) Addition.txt attached, because it is too large
(6) Ran GMER
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-21 12:43:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000081 ATA_____ rev.2.22 447,16GB
Running: nnzspp5u.exe; Driver: C:\Users\JOHANN~1\AppData\Local\Temp\uxddiuob.sys


---- User code sections - GMER 2.1 ----

.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                       0000000075211401 2 bytes JMP 750db21b C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                         0000000075211419 2 bytes JMP 750db346 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                       0000000075211431 2 bytes JMP 75158f29 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                       000000007521144a 2 bytes CALL 750b489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                               * 9
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                          00000000752114dd 2 bytes JMP 75158822 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                   00000000752114f5 2 bytes JMP 751589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                          000000007521150d 2 bytes JMP 75158718 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                   0000000075211525 2 bytes JMP 75158ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                         000000007521153d 2 bytes JMP 750cfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                              0000000075211555 2 bytes JMP 750d68ef C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                       000000007521156d 2 bytes JMP 75158fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                         0000000075211585 2 bytes JMP 75158b42 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                            000000007521159d 2 bytes JMP 751586dc C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                         00000000752115b5 2 bytes JMP 750cfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                       00000000752115cd 2 bytes JMP 750db2dc C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                   00000000752116b2 2 bytes JMP 75158ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                   00000000752116bd 2 bytes JMP 75158671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                      0000000075211401 2 bytes JMP 750db21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                        0000000075211419 2 bytes JMP 750db346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                      0000000075211431 2 bytes JMP 75158f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                      000000007521144a 2 bytes CALL 750b489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                         00000000752114dd 2 bytes JMP 75158822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                  00000000752114f5 2 bytes JMP 751589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                         000000007521150d 2 bytes JMP 75158718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                  0000000075211525 2 bytes JMP 75158ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                        000000007521153d 2 bytes JMP 750cfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                             0000000075211555 2 bytes JMP 750d68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                      000000007521156d 2 bytes JMP 75158fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                        0000000075211585 2 bytes JMP 75158b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                           000000007521159d 2 bytes JMP 751586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                        00000000752115b5 2 bytes JMP 750cfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                      00000000752115cd 2 bytes JMP 750db2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                  00000000752116b2 2 bytes JMP 75158ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                  00000000752116bd 2 bytes JMP 75158671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                      0000000075211401 2 bytes JMP 750db21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                        0000000075211419 2 bytes JMP 750db346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                      0000000075211431 2 bytes JMP 75158f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                      000000007521144a 2 bytes CALL 750b489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                         00000000752114dd 2 bytes JMP 75158822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                  00000000752114f5 2 bytes JMP 751589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                         000000007521150d 2 bytes JMP 75158718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                  0000000075211525 2 bytes JMP 75158ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                        000000007521153d 2 bytes JMP 750cfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                             0000000075211555 2 bytes JMP 750d68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                      000000007521156d 2 bytes JMP 75158fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                        0000000075211585 2 bytes JMP 75158b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                           000000007521159d 2 bytes JMP 751586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                        00000000752115b5 2 bytes JMP 750cfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                      00000000752115cd 2 bytes JMP 750db2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                  00000000752116b2 2 bytes JMP 75158ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\XTab\ProtectService.exe[5084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                  00000000752116bd 2 bytes JMP 75158671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                           0000000075211401 2 bytes JMP 750db21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                             0000000075211419 2 bytes JMP 750db346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                           0000000075211431 2 bytes JMP 75158f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                           000000007521144a 2 bytes CALL 750b489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                              00000000752114dd 2 bytes JMP 75158822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                       00000000752114f5 2 bytes JMP 751589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                              000000007521150d 2 bytes JMP 75158718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                       0000000075211525 2 bytes JMP 75158ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                             000000007521153d 2 bytes JMP 750cfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                  0000000075211555 2 bytes JMP 750d68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                           000000007521156d 2 bytes JMP 75158fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                             0000000075211585 2 bytes JMP 75158b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                000000007521159d 2 bytes JMP 751586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                             00000000752115b5 2 bytes JMP 750cfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                           00000000752115cd 2 bytes JMP 750db2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                       00000000752116b2 2 bytes JMP 75158ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\CommunicationsClients\osoausvc.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                       00000000752116bd 2 bytes JMP 75158671 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDA80CA9-BE15-46A2-ABEB-2E86C618A88E}\offreg.620.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [620](2015-05-21 10:33:21)  000007fee0180000
Process  C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1544] (Windows SysTool /Windows SysTool)(2014-12-31 12:02:06)                 0000000000400000
Process  \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [7644] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-07-13 23:47:22)                  00000000ff730000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dc85de25faa9                                                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dc85de25faa9@d023db75258b                                                                                                                                          0xBC 0x78 0x5A 0x8D ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dc85de25faa9@0021fc7a7083                                                                                                                                          0x85 0x25 0x1F 0x54 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dc85de25faa9 (not active ControlSet)                                                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dc85de25faa9@d023db75258b                                                                                                                                              0xBC 0x78 0x5A 0x8D ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dc85de25faa9@0021fc7a7083                                                                                                                                              0x85 0x25 0x1F 0x54 ...

---- EOF - GMER 2.1 ----
         


For now I will sit tight, not continue working on the system, and wait for professional help.

Unfortunately, to me as a layman it looks as if my system is fairly compromised. However, I neither have time for a complete reinstall, nor is that possible at the moment, because I run a web server on my computer that regularly provides documents for several hundred users (fellow musicians from my big band).

Above all, I would be interested in finding not only the symptoms but also the cause, i.e. the relevant security hole that allowed the software to install itself on my computer in the first place.

I will gladly follow exactly any instructions I receive here; I have also already familiarized myself with the golden rules in the post by "Jürgen".

Attached files
File type: txt Addition.txt (59.3 KB, viewed 117 times)

Edited by Johannes85 (21.05.2015 at 12:25). Reason: EDIT, because the log files were too large / one CODE tag was wrong

21.05.2015, 12:19   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

then please post the other logs.

21.05.2015, 12:30   #3
Johannes85
 

Hello schrauber!

That was lightning fast! Thank you very much for taking on my problem.
Which logs do you still need? I have just attached FRST and Addition above as well.
I will now post both of them once more as text.

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by {{USERNAME}} (administrator) on {{PCNAME}} on 21-05-2015 10:16:28
Running from C:\Users\{{USERNAME}}\Desktop
Loaded Profiles: {{USERNAME}} (Available profiles: {{USERNAME}})
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(eTellicom) C:\Program Files (x86)\CommunicationsClients\osoausvc.exe
(UltraVNC) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Dyn, Inc.) C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Dropbox, Inc.) C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(eTellicom) C:\Program Files (x86)\CommunicationsClients\osoupd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(rejetto) C:\hfs.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(UltraVNC) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
(Windows SysTool) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-06-15] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [CommunicationsClients Auto Update Service] => C:\Program Files (x86)\CommunicationsClients\osoupd.exe [471552 2013-10-03] (eTellicom)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-25] (AMD)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\RunOnce: [Adobe Speed Launcher] => 1431501560
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe [623792 2015-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\MountPoints2: {f03b237d-001c-11e2-a92b-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
Startup: C:\Users\{{USERNAME}}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\{{USERNAME}}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HFS.lnk [2012-09-23]
ShortcutTarget: HFS.lnk -> C:\hfs.exe (rejetto)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1426846686&from=wpm03203&uid=3219913727_132823_DED6A03F&q={searchTerms}
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1426846686&from=wpm03203&uid=3219913727_132823_DED6A03F&q={searchTerms}
URLSearchHook: HKLM-x32 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
URLSearchHook: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-20] (Thinknice Co. Limited)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-20] (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-04-29] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
Toolbar: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\{{USERNAME}}\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Tcpip\..\Interfaces\{3AEC974B-24E3-4475-83E1-C29A875A9870}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C1CB1CEF-42D9-486D-A6F4-005DFD4EA7BE}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F

FireFox:
========
FF ProfilePath: C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: delta-homes
FF Homepage: google.de
FF Keyword.URL: https://www.google.de/#output=search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1317513966-3781302880-2816950935-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\gmx-suche.xml [2014-06-25]
FF SearchPlugin: C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\webde-suche.xml [2014-06-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2014-12-31]
FF Extension: Html Validator - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2014-08-15]
FF Extension: Firebug - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-17]
FF Extension: Ghostery - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: FireGestures - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firegestures@xuldev.org.xpi [2012-09-21]
FF Extension: ProxTube - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: JSONView - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\jsonview@brh.numbera.com.xpi [2012-10-13]
FF Extension: Scriptish - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\scriptish@erikvold.com.xpi [2013-12-30]
FF Extension: SQLite Manager - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-01-01]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\toolbar-ff@payback.de.xpi [2015-04-02]
FF Extension: YouTube to MP3 - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-09-17]
FF Extension: Video DownloadHelper - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Web Developer - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-09-17]
FF Extension: Adblock Plus - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Tab Mix Plus - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-09-17]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\istart_ffnt@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\{{USERNAME}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\sweetsearch@gmail.com

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Recognize It for Chrome) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclaagbljldlbmihblajinlijckggkea [2012-10-14]
CHR Extension: (Web Developer) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-10-14]
CHR Extension: (YouTube) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-14]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-10-14]
CHR Extension: (Adblock Plus) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-10-14]
CHR Extension: (Google Search) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-14]
CHR Extension: (Tampermonkey) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-30]
CHR Extension: (Postman - REST Client (Packaged App)) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (YouTube to MP3 Converter) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldkainijooolihjoejfnponkcahmkafn [2012-10-14]
CHR Extension: (Refresh Monkey) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2015-05-16]
CHR Extension: (Ghostery) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-14]
CHR Extension: (Google Wallet) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\{{USERNAME}}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-14]
CHR HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\{{USERNAME}}\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\{{USERNAME}}\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\{{USERNAME}}\AppData\Local\Wajam\Chrome\wajam.crx [2012-06-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; c:\xampp\apache\bin\httpd.exe [22016 2012-06-06] (Apache Software Foundation) [File not signed]
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2012-09-16] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [1430144 2011-10-06] (ASUSTeK Computer Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [80032 2011-06-15] (Atheros Commnucations) [File not signed]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-16] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8180224 2012-06-29] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 OSO Update Service; C:\Program Files (x86)\CommunicationsClients\osoausvc.exe [487936 2013-09-14] (eTellicom) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uvnc_service; C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe [2038520 2012-09-12] (UltraVNC)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [602112 2015-05-20] (Windows SysTool) [File not signed] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-09-16] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2012-09-28] (UVNC BVBA)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 ocz10xx; C:\Windows\System32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-12-29] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-29] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-12-29] (Acronis International GmbH)
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 10:16 - 2015-05-21 10:16 - 00040026 _____ () C:\Users\{{USERNAME}}\Desktop\FRST.txt
2015-05-21 10:15 - 2015-05-21 10:16 - 00000000 ____D () C:\FRST
2015-05-21 10:14 - 2015-05-21 10:14 - 02107904 _____ (Farbar) C:\Users\{{USERNAME}}\Desktop\FRST64.exe
2015-05-21 10:13 - 2015-05-21 10:13 - 00000490 _____ () C:\Users\{{USERNAME}}\Desktop\defogger_disable.log
2015-05-21 10:13 - 2015-05-21 10:13 - 00000000 _____ () C:\Users\{{USERNAME}}\defogger_reenable
2015-05-21 10:12 - 2015-05-21 10:12 - 00050477 _____ () C:\Users\{{USERNAME}}\Desktop\Defogger.exe
2015-05-21 09:40 - 2015-05-21 10:15 - 16644804 _____ () C:\video0.dat
2015-05-20 18:43 - 2015-05-20 18:43 - 00042945 _____ () C:\Users\{{USERNAME}}\Desktop\habermann.mw
2015-05-20 13:22 - 2015-05-20 19:23 - 00000741 _____ () C:\Users\{{USERNAME}}\26-2015-05-20.csv
2015-05-19 04:22 - 2015-05-19 21:57 - 00000492 _____ () C:\Users\{{USERNAME}}\26-2015-05-19.csv
2015-05-18 20:46 - 2015-05-18 20:50 - 00000000 ____D () C:\Users\{{USERNAME}}\Desktop\rewe
2015-05-18 10:27 - 2015-05-18 21:12 - 00001539 _____ () C:\Users\{{USERNAME}}\26-2015-05-18.csv
2015-05-17 12:42 - 2015-05-17 17:00 - 00000363 _____ () C:\Users\{{USERNAME}}\26-2015-05-17.csv
2015-05-17 00:33 - 2015-05-17 20:12 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\KeePass
2015-05-16 22:56 - 2015-05-16 22:56 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-05-16 22:56 - 2015-05-16 22:56 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-05-16 21:35 - 2015-05-16 21:35 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-16 20:15 - 2015-05-21 01:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 01:54 - 2015-05-16 13:55 - 00000250 _____ () C:\Users\{{USERNAME}}\26-2015-05-16.csv
2015-05-16 00:00 - 2015-05-16 00:00 - 00001317 _____ () C:\Users\{{USERNAME}}\26-2015-05-15.csv
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Git
2015-05-15 09:50 - 2015-05-15 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2015-05-14 15:01 - 2015-05-14 21:42 - 00000852 _____ () C:\Users\{{USERNAME}}\26-2015-05-14.csv
2015-05-13 18:13 - 2015-05-13 18:23 - 00001198 _____ () C:\Users\{{USERNAME}}\26-2015-05-13.csv
2015-05-13 03:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:39 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:39 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:39 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:39 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:39 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:39 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:39 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:39 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:39 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:39 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:39 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:39 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:39 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:39 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:39 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:39 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:39 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:39 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:39 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:34 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:34 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:34 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:34 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:34 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:34 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:34 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:34 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:34 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:34 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:34 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:33 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:33 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:33 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:33 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:33 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:32 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 07:33 - 2015-05-12 12:53 - 00000131 _____ () C:\Users\{{USERNAME}}\26-2015-05-12.csv
2015-05-11 06:38 - 2015-05-11 21:07 - 00000611 _____ () C:\Users\{{USERNAME}}\26-2015-05-11.csv
2015-05-09 19:37 - 2015-05-09 19:37 - 00000612 _____ () C:\Users\{{USERNAME}}\26-2015-05-09.csv
2015-05-07 19:33 - 2015-05-07 23:18 - 00001088 _____ () C:\Users\{{USERNAME}}\26-2015-05-07.csv
2015-05-06 11:04 - 2015-05-07 00:00 - 00000735 _____ () C:\Users\{{USERNAME}}\26-2015-05-06.csv
2015-05-05 10:06 - 2015-05-05 10:06 - 00000131 _____ () C:\Users\{{USERNAME}}\26-2015-05-05.csv
2015-05-04 06:56 - 2015-05-04 07:06 - 00000249 _____ () C:\Users\{{USERNAME}}\26-2015-05-04.csv
2015-05-03 20:18 - 2015-05-03 20:18 - 00000720 _____ () C:\Users\{{USERNAME}}\26-2015-05-03.csv
2015-05-02 10:26 - 2015-05-02 15:03 - 00000251 _____ () C:\Users\{{USERNAME}}\26-2015-05-02.csv
2015-05-01 17:12 - 2015-05-01 18:27 - 00000853 _____ () C:\Users\{{USERNAME}}\26-2015-05-01.csv
2015-04-30 18:04 - 2015-04-30 19:15 - 00000250 _____ () C:\Users\{{USERNAME}}\26-2015-04-30.csv
2015-04-29 19:41 - 2015-05-19 03:47 - 00002334 _____ () C:\Users\{{USERNAME}}\Desktop\aral.txt
2015-04-29 07:31 - 2015-04-29 19:59 - 00000968 _____ () C:\Users\{{USERNAME}}\26-2015-04-29.csv
2015-04-29 00:00 - 2015-04-29 00:00 - 00001278 _____ () C:\Users\{{USERNAME}}\26-2015-04-28.csv
2015-04-27 06:31 - 2015-04-27 21:41 - 00001777 _____ () C:\Users\{{USERNAME}}\26-2015-04-27.csv
2015-04-26 09:18 - 2015-04-26 19:49 - 00000842 _____ () C:\Users\{{USERNAME}}\26-2015-04-26.csv
2015-04-25 08:35 - 2015-04-25 10:09 - 00000131 _____ () C:\Users\{{USERNAME}}\26-2015-04-25.csv
2015-04-24 18:26 - 2015-05-19 21:53 - 00000000 ____D () C:\Users\{{USERNAME}}\Desktop\et4
2015-04-24 07:09 - 2015-04-25 00:00 - 00001079 _____ () C:\Users\{{USERNAME}}\26-2015-04-24.csv
2015-04-23 03:55 - 2015-04-23 20:20 - 00000603 _____ () C:\Users\{{USERNAME}}\26-2015-04-23.csv
2015-04-22 08:29 - 2015-04-22 19:26 - 00000483 _____ () C:\Users\{{USERNAME}}\26-2015-04-22.csv
2015-04-22 08:28 - 2015-04-22 08:28 - 00009058 _____ () C:\Users\{{USERNAME}}\Desktop\Skripten3.xlsx
2015-04-21 22:34 - 2015-04-21 22:52 - 00012424 _____ () C:\Users\{{USERNAME}}\Desktop\Skripten2.xlsx
2015-04-21 22:25 - 2015-04-21 22:25 - 00011164 _____ () C:\Users\{{USERNAME}}\Desktop\Skripten.xlsx
2015-04-21 07:41 - 2015-04-21 22:41 - 00000131 _____ () C:\Users\{{USERNAME}}\26-2015-04-21.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 10:13 - 2012-09-16 18:43 - 00000000 ____D () C:\Users\{{USERNAME}}
2015-05-21 10:11 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 10:11 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 10:03 - 2012-09-17 16:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 09:47 - 2012-09-16 18:43 - 01176312 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 09:33 - 2012-10-14 17:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 03:33 - 2012-10-14 17:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-21 02:00 - 2014-06-26 08:19 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Local\Adobe
2015-05-21 01:59 - 2015-03-20 12:18 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-21 01:58 - 2014-12-31 14:02 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-20 19:23 - 2014-06-25 10:31 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\CC-Cache
2015-05-20 19:23 - 2010-12-30 13:19 - 00000000 ____D () C:\Users\{{USERNAME}}\Documents\Outlook-Dateien
2015-05-20 18:43 - 2012-09-30 15:25 - 00000000 ____D () C:\Users\{{USERNAME}}\.maplesoft
2015-05-20 18:39 - 2012-09-29 15:18 - 00000000 ____D () C:\Users\{{USERNAME}}\.jedit
2015-05-20 18:26 - 2012-12-23 12:41 - 00000000 ____D () C:\Temp
2015-05-20 14:37 - 2012-09-16 18:44 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Local\VirtualStore
2015-05-18 12:02 - 2012-09-27 12:00 - 00000203 _____ () C:\Windows\SysWOW64\cookieFileName
2015-05-17 10:07 - 2012-12-20 21:14 - 00000132 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-05-17 09:24 - 2012-09-27 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 03:28 - 2012-10-14 17:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:28 - 2012-10-14 17:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 16:06 - 2014-08-24 13:29 - 00001456 _____ () C:\Users\{{USERNAME}}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-05-16 01:59 - 2012-09-23 21:32 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\vlc
2015-05-15 13:09 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\npm-cache
2015-05-15 12:38 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\npm
2015-05-15 09:50 - 2013-08-18 11:40 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2015-05-14 14:13 - 2013-07-17 14:17 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\TeamViewer
2015-05-13 04:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:30 - 2011-04-12 09:43 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2015-05-13 03:30 - 2011-04-12 09:43 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2015-05-13 03:30 - 2009-07-14 07:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 03:26 - 2015-02-13 14:49 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Local\TSVNCache
2015-05-13 03:26 - 2014-11-18 13:44 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox
2015-05-13 03:26 - 2012-09-17 18:55 - 00000000 ___HD () C:\jexepackres
2015-05-13 03:25 - 2012-09-23 14:42 - 05333536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 03:25 - 2012-09-23 14:42 - 00043042 _____ () C:\Windows\setupact.log
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 03:24 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 03:08 - 2012-09-17 17:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:07 - 2012-09-16 19:37 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:07 - 2012-09-16 19:37 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:06 - 2013-07-25 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:03 - 2012-09-16 19:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:01 - 2012-09-16 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 20:43 - 2014-11-18 13:45 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-10 10:44 - 2012-09-16 20:23 - 00000000 ____D () C:\Users\{{USERNAME}}\Documents\Bluetooth Folder
2015-05-09 17:35 - 2012-09-16 20:53 - 00000000 ____D () C:\Users\{{USERNAME}}\AppData\Local\CrashDumps
2015-04-25 12:50 - 2013-10-26 11:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-25 12:49 - 2013-07-22 19:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-25 12:49 - 2012-09-17 16:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-25 09:56 - 2014-11-02 19:39 - 00004736 ____H () C:\Users\{{USERNAME}}\_viminfo
2015-04-23 10:10 - 2012-09-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe

==================== Files in the root of some directories =======

2012-12-20 21:14 - 2015-05-17 10:07 - 0000132 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-17 20:28 - 2013-07-17 21:27 - 0000116 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\Camdata.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\CamLayout.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\CamShapes.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0004520 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\CamStudio.cfg
2015-02-13 14:46 - 2015-03-01 14:56 - 0000600 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\PUTTY.RND
2014-08-24 13:29 - 2015-05-16 16:06 - 0001456 _____ () C:\Users\{{USERNAME}}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-07-17 17:51 - 2015-04-05 12:04 - 0006144 _____ () C:\Users\{{USERNAME}}\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 13:39 - 2015-03-29 10:05 - 0000600 _____ () C:\Users\{{USERNAME}}\AppData\Local\PUTTY.RND
2013-08-25 19:05 - 2013-08-25 19:05 - 0002286 _____ () C:\Users\{{USERNAME}}\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\{{USERNAME}}\AppData\Local\setup.txt
2013-12-23 22:13 - 2013-12-23 22:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-10 11:33 - 2013-03-10 11:33 - 0001534 _____ () C:\ProgramData\ss.ini
2010-01-14 15:01 - 2010-01-14 15:01 - 0000235 _____ () C:\ProgramData\UDATHXD.ini

Files to move or delete:
====================
C:\Users\{{USERNAME}}\appnimi-pdf-unlocker.dat


Some content of TEMP:
====================
C:\Users\{{USERNAME}}\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzvds5g.dll
C:\Users\{{USERNAME}}\AppData\Local\Temp\safepstbackup_1_00.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:05

==================== End Of Log ============================
         

21.05.2015, 12:30   #4
Johannes85

Picexa.exe / Search provider changed in browsers (Delta-Homes)



Addition.txt
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by {{USERNAME}} at 2015-05-21 10:16:46
Running from C:\Users\{{USERNAME}}\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1317513966-3781302880-2816950935-500 - Administrator - Disabled)
Backup User (S-1-5-21-1317513966-3781302880-2816950935-1002 - Limited - Enabled)
Gast (S-1-5-21-1317513966-3781302880-2816950935-501 - Limited - Disabled)
{{USERNAME}} (S-1-5-21-1317513966-3781302880-2816950935-1000 - Administrator - Enabled) => C:\Users\{{USERNAME}}

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte voor buitenlandse belastingplichtigen 2014 (HKLM-x32\...\Aangifte voor buitenlandse belastingplichtigen 2014) (Version:  - Belastingdienst)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Acronis True Image 2014 Media Add-on (HKLM-x32\...\{D9CB9C60-DA08-49E7-BA08-2C864D17A3D1}) (Version: 17.0.6614 - Acronis)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.16 - ASUSTeK Computer Inc.)
Air Video Server 2.4.3 (HKLM-x32\...\Air Video Server) (Version: 2.4.3 - InMethod, s.r.o.)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (x32 Version: 2.0.4331.36041 - Ihr Firmenname) Hidden
ARTS PDF Aerialist 1.2.2.2 (HKLM-x32\...\ARTS PDF Aerialist 1.2.2.2) (Version: 1.2.2.2 - ARTS PDF)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AusweisApp2 (HKLM-x32\...\{51F89243-B40E-470B-9B9D-ADD19B344E55}) (Version: 1.2.0 - Governikus GmbH & Co. KG)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
AviSplit Classic Version 1.43 (HKLM-x32\...\AviSplit Classic (Freeware)_is1) (Version:  - Bobyte software)
Backuptrans iPhone SMS Backup & Restore 2.13.01 (HKLM-x32\...\Backuptrans iPhone SMS Backup & Restore) (Version: 2.13.01 - Backuptrans)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.85 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre 64bit (HKLM\...\{1BC00DD4-173E-4325-BDB7-48A076DFC1EF}) (Version: 1.29.0 - Kovid Goyal)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
CommunicationsClients (HKLM-x32\...\{65B40D5A-4F5A-417E-981C-1AF942463BEF}) (Version: 4.1.46 - Communications Clients)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.4.0 - oldsch00l)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Dropbox (HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Dyn Updater (HKLM-x32\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
EPS Viewer (HKLM-x32\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version:  - IdeaMK)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FileMaker Pro 8.5 (HKLM-x32\...\{34F3877C-6399-4A89-98FD-C3FE32EEE25C}) (Version: 8.5.2.0 - FileMaker, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.4.719 - Foxit Corporation)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter Version 4.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.2 - Ellora Assets Corporation)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
GnuWin32: LibArchive-2.4.12-1 (HKLM-x32\...\LibArchive-2.4.12-1_is1) (Version: 2.4.12-1 - GnuWin32)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HiPath 3000 Manager E  70.50.401.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Power Advisor (HKLM-x32\...\{DFB435B0-5F4A-4556-BBC9-A062AF526F59}) (Version: 6.2.0 - Hewlett-Packard Company)
HP Sizing Tool Update Components (HKLM-x32\...\{BC9A4617-6F5A-45D0-9947-05258AAE924A}) (Version: 11.7.0 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
Intel(R) Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
ISO2Disc 1.05 (HKLM-x32\...\ISO2Disc_is1) (Version:  - Top Password Software, Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
jEdit 4.5.2 (HKLM\...\jEdit_is1) (Version: 4.5.2 - Contributors)
JetBrains PhpStorm 141.1000 (HKLM-x32\...\PhpStorm 141.1000) (Version: 141.1000 - JetBrains s.r.o.)
JustCloud  (HKLM\...\JustCloud) (Version:  - JustCloud)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Maple 16 (HKLM\...\Maple 16) (Version:  - Maplesoft)
Maple 16 (HKLM-x32\...\Maple 16) (Version: 16.0.0.0 - Maplesoft)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Miro Video Converter (HKLM-x32\...\Miro Video Converter) (Version: 0.8.0 - Participatory Culture Foundation)
Mozilla Firefox 17.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.4 (x86 de)) (Version: 17.0.4 - Mozilla)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myo Connect (HKLM-x32\...\Thalmic Labs Myo Connect) (Version: 0.5.1 - Thalmic Labs)
MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation)
Node.js (HKLM\...\{862C0963-2F76-4BAA-B219-360DD390C85F}) (Version: 0.12.0 - Joyent, Inc. and other Node contributors)
NSIS Example2 (HKLM-x32\...\AuroraCoin) (Version:  - )
NX Client for Windows 3.5.0-9 (HKLM-x32\...\nxclient_is1) (Version: 3.5.0-9 - NoMachine)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oscars Renamer PRO version 2.0.1 (HKLM-x32\...\{F011DFCF-9A61-491F-AB3C-F141FF0A88C5}_is1) (Version: 2.0.1 - Mediachance.com)
Passware Kit - 5.0.0 (HKLM-x32\...\Passware Kit - 5.0.0) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidSVN-0.12.1 (HKLM-x32\...\RapidSVN-0.12.1_is1) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secure Download Manager (HKLM-x32\...\{1FED7EA0-9369-4E63-81BB-511F93441456}) (Version: 3.1.50 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
Stellarium 0.13.2 (HKLM\...\Stellarium_is1) (Version: 0.13.2 - Stellarium team)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
TortoiseSVN 1.8.10.26129 (64 bit) (HKLM\...\{A9E679EC-8FD4-49D8-A5A5-ACE462515A9E}) (Version: 1.8.26129 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 - Ghisler Software GmbH)
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
UltraVnc (HKLM-x32\...\Ultravnc_is1) (Version: 1.1.0 - uvnc bvba)
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version:  - )
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (08/20/2012 1.0.0000.00000) (HKLM\...\289137531F7C014BF296EFFBFC7E3748A293FEE9) (Version: 08/20/2012 1.0.0000.00000 - Amazon.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.10.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, hxxp://www.wireshark.org)
wx-devcpp 6.10.2 (4.9.9.2) (HKLM-x32\...\wx-devcpp) (Version:  - )
XAMPP 1.8.0 (HKLM-x32\...\xampp) (Version:  - )
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-05-2015 03:35:57 Windows Update
17-05-2015 12:00:17 Windows-Sicherung
19-05-2015 03:36:33 Windows Update
21-05-2015 03:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015976DA-C993-4DF6-8B8E-3B32D4A87C55} - System32\Tasks\{642F4CBC-71DF-4E7E-BB6C-21F78F5F78ED} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {0BE888DB-D21C-49BF-A3E0-7AD32A1A0098} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {12D6E77E-FFD1-4AEA-96C8-AC20BFB94FE6} - System32\Tasks\{7074D61B-26D4-455E-8F70-B136C175F4A0} => C:\Program Files (x86)\Network Notepad\netpad.exe
Task: {1551C0E1-70C3-4CB2-A544-9858D6633AF8} - System32\Tasks\Zählerstand C220 abfragen => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {1F4881F4-610E-4C13-B948-193246DEE430} - System32\Tasks\Zählerstand C360 abfragen => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {21C46FB2-E128-49A8-88D0-F58E9C32C16E} - System32\Tasks\Aktien => cmd.exe /c"C:\xampp\htdocs\aktien\nightly.cmd"
Task: {2D4C5652-DBB0-4367-984D-ACD8F480FF04} - System32\Tasks\{3E6B010C-6B3C-494B-B88E-F28439007BA9} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {35C8F96B-850F-4D54-830D-C5EC9D25E2F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43BC16C5-3C54-438B-82A0-7E8CF2231D03} - System32\Tasks\{660951AA-D8E7-48B7-87AD-0AB6D72BB6CA} => C:\Program Files (x86)\WorldOfGoo\WorldOfGoo.exe [2008-11-14] ()
Task: {5675C82D-AABF-4B3B-BF50-17B623429A48} - System32\Tasks\{E8E3D630-9AAB-4CEA-A070-54791364E6FD} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {686C2714-0C0E-493A-A0F0-230676A87847} - System32\Tasks\{DB5D777B-7E6F-4051-8403-95FCF90897C4} => pcalua.exe -a "C:\Program Files (x86)\Maple\Uninstall\Uninstall Maple 9.exe"
Task: {6AE3822B-D10C-4057-BE24-5C76FE96E71F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {75462D49-5223-43B7-8FA4-BE95A4FA9C38} - System32\Tasks\Zählerstand P951 abfragen => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {7772BAC0-AE14-4A70-A3C2-CD81769FBAFE} - System32\Tasks\{F0221D7C-20E9-4041-B682-BF1CD4E869C3} => pcalua.exe -a "C:\Users\{{USERNAME}}\Desktop\maple 8 - fullversion - serial\Windows\Windows\WindowsSetup.exe" -d "C:\Users\{{USERNAME}}\Desktop\maple 8 - fullversion - serial\Windows\Windows"
Task: {781588CA-D92D-4349-9D7F-24282A237906} - System32\Tasks\{FD90D8ED-0AC4-4F82-B2FD-7A36676617B6} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {89FA3568-0989-40FF-874A-3D24B819CB36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {974505E9-AD2C-4BB8-A521-C748C1049560} - System32\Tasks\Rechnung => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {97FD775C-1755-435A-92D3-6C132E244F87} - System32\Tasks\LaunchApp => C:\Program Files (x86)\JustCloud\JustCloud.exe
Task: {A4DADEB8-3B52-4D8E-AB62-3AAEDDC37947} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {A8BC3F37-DC96-4ED5-A21B-CC81CD1F6534} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {AECFDE29-F611-4423-BF68-2AD6F8DD90DB} - System32\Tasks\AdobeAAMUpdater-1.0-{{PC}}-{{USERNAME}} => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {B67448E3-3A12-40E9-A8E1-79E8D0E2F793} - System32\Tasks\{09046B1B-8B4B-4090-AEED-C6A06394543C} => C:\Users\{{USERNAME}}\Desktop\OJ8600_Basicx86_1315.exe
Task: {D4F2FF0E-2A0F-4BE9-BE40-797A44D68CFB} - System32\Tasks\{FAACFEFE-BF7D-4409-AE85-44C584FC62BD} => pcalua.exe -a "C:\Users\{{USERNAME}}\Desktop\maple\Windows\Windows\WindowsSetup.exe" -d "C:\Users\{{USERNAME}}\Desktop\maple\Windows\Windows"
Task: {D6E13892-BEC0-4275-BED4-3658348ACAAA} - System32\Tasks\{B0B07D09-C939-4517-9539-4CB8996677B1} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {E268E5AB-D7C2-4E64-9457-9C46EC5D3C3D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {E4155F56-447A-4DD1-989D-2952E7B537F7} - System32\Tasks\{7DB68139-FB61-4A68-8808-FCECCF217875} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {EAA86364-3F48-4C6B-8177-2DD091661D45} - System32\Tasks\{B01C8AD2-AF1F-4C77-AC9A-ED4BF5BFA4DF} => C:\Program Files (x86)\WorldOfGoo\WorldOfGoo.exe [2008-11-14] ()
Task: {FDC329F7-E5ED-480D-AEC6-651F14FB8DD3} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-10 09:14 - 2013-03-23 15:51 - 00015360 _____ () C:\Windows\System32\KOAZ8A_L.DLL
2015-02-12 13:22 - 2015-02-12 13:22 - 00086016 _____ () C:\Windows\SysWOW64\redmonnt.dll
2012-06-29 15:59 - 2012-06-29 15:59 - 08180224 _____ () c:\xampp\mysql\bin\mysqld.exe
2011-10-29 03:59 - 2011-10-29 03:59 - 00918448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2014-12-17 22:31 - 2014-12-17 22:31 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-12-17 22:30 - 2014-12-17 22:30 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-10-01 11:32 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2010-09-22 03:03 - 2010-09-22 03:03 - 04923784 _____ () C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
2012-05-10 15:16 - 2012-05-10 15:16 - 00108032 _____ () c:\xampp\apache\bin\pcre.dll
2012-06-06 14:30 - 2012-06-06 14:30 - 00067072 _____ () c:\xampp\apache\bin\zlib1.dll
2012-06-14 19:21 - 2012-06-14 19:21 - 00025088 _____ () C:\xampp\php\php5apache2_4.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-10 15:17 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2012-05-10 15:16 - 2012-05-10 15:16 - 00108032 _____ () C:\xampp\apache\bin\pcre.dll
2012-06-06 14:30 - 2012-06-06 14:30 - 00067072 _____ () C:\xampp\apache\bin\zlib1.dll
2012-09-16 21:05 - 2015-05-13 03:26 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2012-09-16 20:50 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2012-09-16 19:41 - 2007-09-13 18:05 - 00002560 _____ () C:\Windows\system32\CTXFIGER.DLL
2014-12-03 20:07 - 2014-12-03 20:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-02-04 19:25 - 2014-02-04 19:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-05-13 03:26 - 2015-05-13 03:26 - 00043008 _____ () c:\Users\{{USERNAME}}\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzvds5g.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-10-10 13:02 - 2013-10-10 13:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2012-09-16 19:42 - 2009-10-02 16:07 - 00176128 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-02-11 18:28 - 2015-02-11 18:28 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\bc9bcf53b97e0180a22783ef8b2567c2\PSIClient.ni.dll
2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-12-17 21:53 - 2014-12-17 21:53 - 00065792 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-12-17 21:53 - 2014-12-17 21:53 - 00071936 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24564479.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24564479.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\127.0.0.1 -> hxxp://127.0.0.1


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS ShellProcess Execute => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
MSCONFIG\startupreg: Myo Connect => "C:\Program Files (x86)\Thalmic Labs\Myo Connect\Myo Connect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E6CE692F-0152-43F2-A651-60AA28D47E77}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
FirewallRules: [{B61E6549-2C65-43D1-AB0F-D08CB1E322C6}] => (Allow) LPort=5900
FirewallRules: [{C0B81259-3817-4C70-90A3-4C30AEDC5C5A}] => (Allow) LPort=5800
FirewallRules: [{74EB7205-1515-454F-807B-F0EC030CE85B}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{CACA6FF3-3197-4218-9FE0-230D2B74A143}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{C3A0C707-7B4D-4D2D-A5A0-1A5D92D0B078}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{68D8EAF8-59ED-4784-ACFC-1285A3C40572}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [TCP Query User{0EEC40B1-2551-45A2-B676-B7CB5C5D770A}C:\program files (x86)\nx client for windows\nxclient.exe] => (Allow) C:\program files (x86)\nx client for windows\nxclient.exe
FirewallRules: [UDP Query User{B77FD10A-FE48-4C05-B0AF-D3593AA3C5F9}C:\program files (x86)\nx client for windows\nxclient.exe] => (Allow) C:\program files (x86)\nx client for windows\nxclient.exe
FirewallRules: [TCP Query User{55554ACD-7B2A-4940-B5EC-2BBE6C3CD065}C:\program files (x86)\nx client for windows\bin\nxssh.exe] => (Allow) C:\program files (x86)\nx client for windows\bin\nxssh.exe
FirewallRules: [UDP Query User{72964D49-B23F-46C2-A658-5224383D3402}C:\program files (x86)\nx client for windows\bin\nxssh.exe] => (Allow) C:\program files (x86)\nx client for windows\bin\nxssh.exe
FirewallRules: [TCP Query User{E181F376-D5C4-4ADF-817F-C0B3714B178A}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{C8C3B769-AC6A-4994-A385-9E0DF621DEC2}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [TCP Query User{76D7147D-B994-48D4-8967-17BAA3CC23A8}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{3959356A-7045-4155-B554-7964F9FD4DA1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{D9909EC6-54B8-40A5-94FA-18AA50B949E1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{FED3F621-1014-42DE-9199-C5AE3203773A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E30CC676-73E3-472A-A185-21298014A643}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B214F23-4BB4-4E20-8552-E77DDA710352}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D32E2CC-CF43-496E-AE33-AE1488682278}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E13848B-A92E-4F86-8CB2-75E815760D45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A421DBCA-2D84-468B-A6A9-8E8162FE4E77}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [{EF54AD10-4847-42CA-AA48-02BA34A9BF46}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [{671894E5-A286-402F-B180-92B526BBA4C4}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [{09957168-9F42-490A-A2D1-E78CF53FF870}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [TCP Query User{E6B7ADFF-1B68-4725-9350-0AED4CE73A0E}C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe
FirewallRules: [UDP Query User{76C21AB7-3F5F-4347-8225-18788F0A35CE}C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe
FirewallRules: [TCP Query User{6A820D8E-1146-46A0-82E6-1722AA5B0E92}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{C5255C32-F2C8-4EDA-9196-823930B97F7E}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{E0EB6F65-F04F-43F0-908D-0715C7FA093E}C:\hfs.exe] => (Allow) C:\hfs.exe
FirewallRules: [UDP Query User{28D0E2CF-DE27-43AA-8F8F-F8B10173921B}C:\hfs.exe] => (Allow) C:\hfs.exe
FirewallRules: [TCP Query User{39F2E585-EE9C-42C5-90D2-AC39E8D4A36F}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [UDP Query User{E8830896-28D6-42D9-B2BA-6CD7FD7D7B1E}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [TCP Query User{F242E69C-B1E1-4DA8-ACC2-F11904E46F3F}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [UDP Query User{887598C2-0BD1-4B85-8913-648B3AF2611B}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [TCP Query User{A00F40F9-4490-4A91-999C-69FCF521F7BC}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exe
FirewallRules: [UDP Query User{B8B1684E-0D82-4C37-85E4-7296AE934F42}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exe
FirewallRules: [{928320E1-1532-4D90-8E6A-BFE384778D4D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{4F348571-A951-411E-9DA1-E1A2697E8D4C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9041BF8A-C869-4EA1-81C0-8C1D79D24440}C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe
FirewallRules: [UDP Query User{C6FEF07C-6922-4CF5-A315-3ECC1E59EDC5}C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe
FirewallRules: [{62BD67DA-516D-449A-901C-40F2AFE88D7C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{78F10D37-1353-4A33-B106-98D1665C047F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{76299CB1-6B75-49A9-91CA-B66DD651C5BC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{22E5F75B-E8D7-4AA6-90C4-B900D1C78C51}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4892C602-0CA2-429A-AA46-A1B771B77AD2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{7FC78A29-06F6-4FA5-B382-6E3CEB9F0CC8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{B18625F5-8A90-4895-8D9A-029A6B2A3556}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{4EC9ADF9-4A8E-478F-B507-99C2E179DAA8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{D5E7162B-8079-477B-9D57-8D8D35565C04}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{23B68863-BD44-4774-A722-FD8E2BF786ED}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F83D032D-CC66-4173-B9A9-F1034ED05F01}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{13E4114F-F6EF-42A8-86FC-E85419ACA48F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{0F74A14C-1F04-4B12-BA9D-2CEAC1CA6688}C:\program files (x86)\auroracoin\auroracoin-qt.exe] => (Allow) C:\program files (x86)\auroracoin\auroracoin-qt.exe
FirewallRules: [UDP Query User{9E6B5866-4DAA-40C7-99F6-B87F2BA9D962}C:\program files (x86)\auroracoin\auroracoin-qt.exe] => (Allow) C:\program files (x86)\auroracoin\auroracoin-qt.exe
FirewallRules: [TCP Query User{2F901A03-CBAB-44C7-AF51-AA5A43C65A0B}C:\users\{{USERNAME}}\desktop\coino\coino-qt.exe] => (Allow) C:\users\{{USERNAME}}\desktop\coino\coino-qt.exe
FirewallRules: [UDP Query User{7EDD828A-8909-4AB3-8A42-80EA956DCA89}C:\users\{{USERNAME}}\desktop\coino\coino-qt.exe] => (Allow) C:\users\{{USERNAME}}\desktop\coino\coino-qt.exe
FirewallRules: [TCP Query User{B2A9F7F0-9141-4159-8DA2-5BA640BBF11D}C:\users\{{USERNAME}}\desktop\rpc\ronpaulcoin-qt.exe] => (Allow) C:\users\{{USERNAME}}\desktop\rpc\ronpaulcoin-qt.exe
FirewallRules: [UDP Query User{6424E736-8235-4709-B547-0AF63AC1E538}C:\users\{{USERNAME}}\desktop\rpc\ronpaulcoin-qt.exe] => (Allow) C:\users\{{USERNAME}}\desktop\rpc\ronpaulcoin-qt.exe
FirewallRules: [TCP Query User{271EF109-2FDD-497C-90D0-32B353CF1C9D}C:\users\{{USERNAME}}\desktop\hfs.exe] => (Block) C:\users\{{USERNAME}}\desktop\hfs.exe
FirewallRules: [UDP Query User{8997731F-10D7-4E11-AC0A-598E81BCD1A4}C:\users\{{USERNAME}}\desktop\hfs.exe] => (Block) C:\users\{{USERNAME}}\desktop\hfs.exe
FirewallRules: [TCP Query User{2C8FFA6B-788F-441C-B9BF-80D87A853B7A}C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe
FirewallRules: [UDP Query User{58492CD7-B68D-4B0D-8AE6-CE70DD044554}C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe
FirewallRules: [TCP Query User{2C00972D-0B2F-466A-8CD4-A8615FB1EE07}C:\xampp\php\php.exe] => (Allow) C:\xampp\php\php.exe
FirewallRules: [UDP Query User{F65A3D22-0F08-4BA3-A3E6-9AADADE61D53}C:\xampp\php\php.exe] => (Allow) C:\xampp\php\php.exe
FirewallRules: [{88496175-92D0-40AD-9C76-DF37A623A307}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{D242DE63-B906-4CA4-801B-BB3767B1A959}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [UDP Query User{149D3410-729B-48F8-A3AC-5BA23E27E627}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [{B5984E2B-B217-4211-8CC9-4F7465DA7173}] => (Allow) C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{38F9B4FC-591E-4B5C-AADA-AF6433076E53}] => (Allow) C:\Users\{{USERNAME}}\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B2028365-CBB8-4EDA-BABE-DFD499BB3C9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEA93529-A069-45AD-B300-A67E72D0B15E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A8B7AD51-1D6D-46CE-9945-E56D14DF759A}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{65D816A8-3CC6-4FCD-80CA-D166FC55F475}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [TCP Query User{45A5F8A1-9966-4CCF-86DB-935701436C18}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{F1C011FB-BCA9-48B9-B26E-07B247659047}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{7DE0CB75-85C4-4C48-BC82-8699C9F74DA4}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [UDP Query User{33697D60-9CA3-4490-8600-90388037EAA8}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [TCP Query User{3C341A16-9B6F-4D28-904B-3F358B841D07}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{277B1E46-8752-4E3E-BFB1-4F2A80807A72}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{832DB58B-B633-4EDA-8059-2918F48BA2B7}C:\users\{{USERNAME}}\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\{{USERNAME}}\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D0792AF4-3C1F-45A8-9C89-E8ABB068A7D1}C:\users\{{USERNAME}}\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\{{USERNAME}}\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B34263FC-9AE0-47D2-A926-5A0E0075D1E2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{50FA7AA4-6DA3-40FC-B67E-3CB1DF23BCF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{189BC851-26F2-4451-8AD9-962C75DB5C79}C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe
FirewallRules: [UDP Query User{1F74910C-2FA5-40F4-A8D8-95277BCD9D28}C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe
FirewallRules: [{16348255-7588-4BC5-85BE-5A00927E3B0C}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{55584585-1B80-4965-86F3-D6B0A4374C6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1BC413A3-A254-439E-AC46-62CB61BC070C}C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe
FirewallRules: [UDP Query User{B186E552-E863-4F5D-BC4D-B6F1989C9C1C}C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe
FirewallRules: [TCP Query User{45A540EE-CD5C-4117-A611-E2DB05A2FD75}C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe
FirewallRules: [UDP Query User{8A07933F-80F5-4102-AD85-EB8CE78FFF3C}C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Module
Description: Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR9002WB-1NG Wireless Network Adapter
Description: Atheros AR9002WB-1NG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2015 00:46:57 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (05/21/2015 00:46:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/20/2015 00:10:28 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (05/20/2015 00:10:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/18/2015 11:48:46 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (05/18/2015 11:48:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/18/2015 03:44:51 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (05/18/2015 03:44:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/18/2015 00:51:24 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (05/18/2015 00:51:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/19/2015 09:56:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (05/19/2015 09:56:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (05/21/2015 00:46:57 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.ManifestC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.Manifest4

Error: (05/21/2015 00:46:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe

Error: (05/20/2015 00:10:28 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.ManifestC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.Manifest4

Error: (05/20/2015 00:10:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe

Error: (05/18/2015 11:48:46 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.ManifestC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.Manifest4

Error: (05/18/2015 11:48:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe

Error: (05/18/2015 03:44:51 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.ManifestC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.Manifest4

Error: (05/18/2015 03:44:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\asus\ai suite ii\asus mobilink\simulator\killproc.exe

Error: (05/18/2015 00:51:24 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.ManifestC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.Manifest4

Error: (05/18/2015 00:51:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
Percentage of memory in use: 13%
Total physical RAM: 61388.67 MB
Available physical RAM: 52929.32 MB
Total Pagefile: 61386.88 MB
Available Pagefile: 53323.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive b: (Backup) (Fixed) (Total:1863.01 GB) (Free:235.5 GB) NTFS
Drive c: () (Fixed) (Total:447.06 GB) (Free:360.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:476.94 GB) (Free:265.04 GB) NTFS
Drive f: (Filesharing) (Fixed) (Total:5 GB) (Free:4.53 GB) NTFS
Drive g: (EOS_DIGITAL) (Removable) (Total:3.78 GB) (Free:3.13 GB) FAT32
Drive m: (Movies) (Fixed) (Total:1863.01 GB) (Free:1298.24 GB) NTFS
Drive s: (Software) (Fixed) (Total:471.94 GB) (Free:407.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.2 GB) (Disk ID: 1ECE2817)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 6F03043C)
Partition 1: (Not Active) - (Size=471.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 6F03043B)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: EDA3CD21)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BECFC4AC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.8 GB) (Disk ID: 98D2A730)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---

22.05.2015, 06:55   #5
schrauber
/// the machine
/// TB instructor
 


hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

22.05.2015, 20:27   #6
Johannes85
 

Hello schrauber!

Here is the log.


Code:
ComboFix 15-05-19.01 - Johannes Brand 22.05.2015  21:05:29.1.12 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.61389.57162 [GMT 2:00]
ausgeführt von:: c:\users\Johannes Brand\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\XTab\SupTab.dll
c:\programdata\ntuser.pol
c:\users\Johannes Brand\AppData\Local\assembly\tmp
c:\users\Johannes Brand\AppData\Roaming\poclbm
c:\users\Johannes Brand\AppData\Roaming\poclbm\poclbm.ini
c:\users\Johannes Brand\AppData\Roaming\poclbm\poclbm_scrypt.ini
c:\users\Johannes Brand\ia_remove.sh5226.tmp
c:\windows\wininit.ini
.
----- Datei Replikatoren -----
.
c:\program files (x86)\Git\bin\git.exe
c:\program files (x86)\Git\libexec\git-core\git-add.exe
c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
c:\program files (x86)\Git\libexec\git-core\git-apply.exe
c:\program files (x86)\Git\libexec\git-core\git-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
c:\program files (x86)\Git\libexec\git-core\git-blame.exe
c:\program files (x86)\Git\libexec\git-core\git-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ignore.exe
c:\program files (x86)\Git\libexec\git-core\git-check-mailmap.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
c:\program files (x86)\Git\libexec\git-core\git-clean.exe
c:\program files (x86)\Git\libexec\git-core\git-clone.exe
c:\program files (x86)\Git\libexec\git-core\git-column.exe
c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-commit.exe
c:\program files (x86)\Git\libexec\git-core\git-config.exe
c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-credential.exe
c:\program files (x86)\Git\libexec\git-core\git-describe.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-diff.exe
c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
c:\program files (x86)\Git\libexec\git-core\git-gc.exe
c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files (x86)\Git\libexec\git-core\git-grep.exe
c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
c:\program files (x86)\Git\libexec\git-core\git-help.exe
c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
c:\program files (x86)\Git\libexec\git-core\git-init.exe
c:\program files (x86)\Git\libexec\git-core\git-log.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge.exe
c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
c:\program files (x86)\Git\libexec\git-core\git-mv.exe
c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
c:\program files (x86)\Git\libexec\git-core\git-notes.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
c:\program files (x86)\Git\libexec\git-core\git-prune.exe
c:\program files (x86)\Git\libexec\git-core\git-push.exe
c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
c:\program files (x86)\Git\libexec\git-core\git-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-repack.exe
c:\program files (x86)\Git\libexec\git-core\git-replace.exe
c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
c:\program files (x86)\Git\libexec\git-core\git-reset.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
c:\program files (x86)\Git\libexec\git-core\git-revert.exe
c:\program files (x86)\Git\libexec\git-core\git-rm.exe
c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-show.exe
c:\program files (x86)\Git\libexec\git-core\git-stage.exe
c:\program files (x86)\Git\libexec\git-core\git-status.exe
c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-var.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
c:\program files (x86)\Git\libexec\git-core\git.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\afm2afm.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\arlatex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\authorindex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\autoinst.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\bib2xhtml.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\bibhtml.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\biokey2html.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\biokey2html1.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\biokey2html2.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\biokey2html3.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\birm.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\bundledoc.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\cmap2enc.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\csvtools.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ctanify.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ctanupload.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\dosepsbin.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\dumphint.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\eps2eps.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\etexdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\exceltex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\feynmf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\fig4latex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\findhyph.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\font2afm.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\font2c.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\fullref.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gsbj.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gsdj.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gsdj500.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gslj.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gslp.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gsnd.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gsndt.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gssetgs.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gst.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\gstt.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ht.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\htcontext.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\htcopy.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\htlatex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\htmex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\htmove.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\httex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\httexi.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\htxelatex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\htxetex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ibyhyph.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\internal\runbat.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\internal\runperl.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexdiff-fast.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexdiff-so.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexdiff-vc.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexdiff.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexmk.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexpand.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\latexrevise.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\lp386.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\lp386r2.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\lpgs.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\lpr2.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\lualatexdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\luatexdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\makeglossaries.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\makejmlrbook.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\mathspic.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\mathspic113.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\mf2pt1.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\mk4ht.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\mkjobtexmf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\mkt1font.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\mptopdf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\OOopict.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\orderrefs.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ot2kpx.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pdf2dsc.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pdf2ps.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pdfatfi.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pdfcrop.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pdflatexdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pdfopt.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pdftexdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pedigree.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\perltex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pf2afm.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pfbtopfa.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pfm2kpx.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pftogsf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pkfix-helper.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pkfix.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pn2pdf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2ascii.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2epsi.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2pdf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2pdf12.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2pdf13.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2pdf14.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2pdfxx.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2ps.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps2ps2.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\ps4pdf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\pst2pdf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\rcsinfo.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\showglyphs.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\splitindex.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\sty2dtx.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\svn-multi.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\texcount.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\texdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\texdiff.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\texdirflatten.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\thumbpdf.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\urlbst.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\vpe.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\vpl2ovp.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\vpl2vpl.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\wmakebat.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\xdv2pdf_mergemarks.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\xelatexdef.exe
c:\program files (x86)\MiKTeX 2.9\miktex\bin\xetexdef.exe
c:\users\Johannes Brand\AppData\Roaming\Microsoft\Installer\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}\ARPPRODUCTICON.exe
c:\windows\Installer\{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}\ARPPRODUCTICON.exe
c:\windows\Installer\{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}\ARPPRODUCTICON.exe
c:\windows\Installer\{1DE2BD51-0300-772D-5E18-F337D95D5687}\ARPPRODUCTICON.exe
c:\windows\Installer\{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}\ARPPRODUCTICON.exe
c:\windows\Installer\{23F2C78C-E131-4CA0-8F84-3473FB7728BA}\EPP.exe
c:\windows\Installer\{23F2C78C-E131-4CA0-8F84-3473FB7728BA}\FEP.exe
c:\windows\Installer\{23F2C78C-E131-4CA0-8F84-3473FB7728BA}\INTUNE.exe
c:\windows\Installer\{23F2C78C-E131-4CA0-8F84-3473FB7728BA}\SCEP.exe
c:\windows\Installer\{275E9C49-C72F-D754-DEB7-77F10A9C00D8}\ARPPRODUCTICON.exe
c:\windows\Installer\{27726449-83B8-428D-92DE-101346C1E15C}\EPP.exe
c:\windows\Installer\{27726449-83B8-428D-92DE-101346C1E15C}\FEP.exe
c:\windows\Installer\{27726449-83B8-428D-92DE-101346C1E15C}\INTUNE.exe
c:\windows\Installer\{27726449-83B8-428D-92DE-101346C1E15C}\SCEP.exe
c:\windows\Installer\{30049739-BE95-6591-B504-E6D7057D49CC}\ARPPRODUCTICON.exe
c:\windows\Installer\{303CE0AA-A81D-4087-B620-AE4C3B404108}\ARPPRODUCTICON.exe
c:\windows\Installer\{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}\ARPPRODUCTICON.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}\ARPPRODUCTICON.exe
c:\windows\Installer\{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}\ARPPRODUCTICON.exe
c:\windows\Installer\{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}\ARPPRODUCTICON.exe
c:\windows\Installer\{5AF23993-7152-1620-E43F-1B4542FB4F84}\ARPPRODUCTICON.exe
c:\windows\Installer\{5E03A267-415E-5383-FA8F-3CE4145663B9}\ARPPRODUCTICON.exe
c:\windows\Installer\{5E03A267-415E-5383-FA8F-3CE4145663B9}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5E03A267-415E-5383-FA8F-3CE4145663B9}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5E03A267-415E-5383-FA8F-3CE4145663B9}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5E03A267-415E-5383-FA8F-3CE4145663B9}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{63326924-3CAF-C858-3A8F-8598C87019D7}\ARPPRODUCTICON.exe
c:\windows\Installer\{63822E89-11AA-F8EC-D433-F72A85799EC0}\ARPPRODUCTICON.exe
c:\windows\Installer\{66361420-4905-AEB8-17AE-172FDD164A7E}\ARPPRODUCTICON.exe
c:\windows\Installer\{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}\ARPPRODUCTICON.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{81D00339-968D-15D1-3499-8431658E896F}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}\ARPPRODUCTICON.exe
c:\windows\Installer\{89EE4A30-080F-2C95-6F78-C98D18FBD74D}\ARPPRODUCTICON.exe
c:\windows\Installer\{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}\ARPPRODUCTICON.exe
c:\windows\Installer\{8D26D58C-3464-4C03-BB61-5695F984EFEF}\EPP.exe
c:\windows\Installer\{8D26D58C-3464-4C03-BB61-5695F984EFEF}\FEP.exe
c:\windows\Installer\{8D26D58C-3464-4C03-BB61-5695F984EFEF}\INTUNE.exe
c:\windows\Installer\{8D26D58C-3464-4C03-BB61-5695F984EFEF}\SCEP.exe
c:\windows\Installer\{97D7FB32-C400-7500-3596-5E10B70FECF2}\ARPPRODUCTICON.exe
c:\windows\Installer\{996D32B6-F629-4764-894B-CB24D9C19051}\EPP.exe
c:\windows\Installer\{996D32B6-F629-4764-894B-CB24D9C19051}\FEP.exe
c:\windows\Installer\{996D32B6-F629-4764-894B-CB24D9C19051}\INTUNE.exe
c:\windows\Installer\{996D32B6-F629-4764-894B-CB24D9C19051}\SCEP.exe
c:\windows\Installer\{9CF11D16-ECEB-90A5-A028-CA9E068D848B}\ARPPRODUCTICON.exe
c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
c:\windows\Installer\{A0A3CE05-96CB-52E9-434E-074F3BB7807E}\ARPPRODUCTICON.exe
c:\windows\Installer\{A9C64319-932F-D02B-B14C-FFFC3EC49E77}\ARPPRODUCTICON.exe
c:\windows\Installer\{B858CA94-FAA0-3663-01AE-0B0798C61657}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{B858CA94-FAA0-3663-01AE-0B0798C61657}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{B858CA94-FAA0-3663-01AE-0B0798C61657}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{B858CA94-FAA0-3663-01AE-0B0798C61657}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{BFAE8D5B-F918-486F-B74E-90762DF11C5C}\EPP.exe
c:\windows\Installer\{BFAE8D5B-F918-486F-B74E-90762DF11C5C}\FEP.exe
c:\windows\Installer\{BFAE8D5B-F918-486F-B74E-90762DF11C5C}\INTUNE.exe
c:\windows\Installer\{BFAE8D5B-F918-486F-B74E-90762DF11C5C}\SCEP.exe
c:\windows\Installer\{C09DB932-7619-7B56-30E3-C0454811D6D7}\ARPPRODUCTICON.exe
c:\windows\Installer\{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}\ARPPRODUCTICON.exe
c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\EPP.exe
c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\FEP.exe
c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\INTUNE.exe
c:\windows\Installer\{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}\SCEP.exe
c:\windows\Installer\{D4B457B2-260F-C561-CA87-703BD3B724CA}\ARPPRODUCTICON.exe
c:\windows\Installer\{D6CDB506-297D-AE70-0EF6-DE5185F961BE}\ARPPRODUCTICON.exe
c:\windows\Installer\{D954C6C2-544B-4091-A47F-11E77162883E}\EPP.exe
c:\windows\Installer\{D954C6C2-544B-4091-A47F-11E77162883E}\FEP.exe
c:\windows\Installer\{D954C6C2-544B-4091-A47F-11E77162883E}\INTUNE.exe
c:\windows\Installer\{D954C6C2-544B-4091-A47F-11E77162883E}\SCEP.exe
c:\windows\Installer\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}\EPP.exe
c:\windows\Installer\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}\FEP.exe
c:\windows\Installer\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}\INTUNE.exe
c:\windows\Installer\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}\SCEP.exe
c:\windows\Installer\{E102B843-786A-4F58-AF75-6504570E207B}\EPP.exe
c:\windows\Installer\{E102B843-786A-4F58-AF75-6504570E207B}\FEP.exe
c:\windows\Installer\{E102B843-786A-4F58-AF75-6504570E207B}\INTUNE.exe
c:\windows\Installer\{E102B843-786A-4F58-AF75-6504570E207B}\SCEP.exe
c:\windows\Installer\{ECFD508E-68A2-91B2-46DD-1D03D783D94B}\ARPPRODUCTICON.exe
c:\windows\Installer\{EDE361D5-35A5-DA7D-3462-C3DABD24029B}\ARPPRODUCTICON.exe
c:\windows\Installer\{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}\ARPPRODUCTICON.exe
c:\windows\Installer\{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mv2
-------\Service_uvnc_service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-22 bis 2015-05-22  ))))))))))))))))))))))))))))))
.
.
2015-05-22 19:08 . 2015-05-22 19:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-22 11:07 . 2015-03-26 19:57	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E0F688B-66DE-4B9E-9CC6-6FA36B0DAB1B}\gapaengine.dll
2015-05-22 11:07 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C762F6E4-CD3F-4628-9C79-2AFBEE3E2B2D}\mpengine.dll
2015-05-21 10:43 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-21 08:15 . 2015-05-21 08:17	--------	d-----w-	C:\FRST
2015-05-16 22:33 . 2015-05-17 18:12	--------	d-----w-	c:\users\Johannes Brand\AppData\Roaming\KeePass
2015-05-16 20:56 . 2015-05-16 20:56	--------	d-----w-	c:\program files (x86)\KeePass Password Safe 2
2015-05-15 10:43 . 2015-05-15 10:43	--------	d-----w-	c:\program files (x86)\Git
2015-05-13 01:01 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:01 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:34 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-12 19:33 . 2015-04-08 03:29	1736192	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2015-05-12 19:32 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-12 19:32 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-12 19:32 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-12 19:32 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-12 19:32 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-12 19:32 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-12 19:32 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-04-25 10:49 . 2015-04-25 10:49	--------	d-----w-	c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 01:03 . 2012-09-16 17:35	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-12 19:34	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-25 10:49 . 2013-07-22 17:46	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-15 17:03 . 2012-09-17 14:56	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 17:03 . 2012-09-17 14:56	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 01:38 . 2015-04-14 01:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-03-26 19:57 . 2012-09-27 01:10	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-15 10:20	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 10:20	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 10:20	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 10:20	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 10:20	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 10:20	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 10:20	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 10:20	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 10:20	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 10:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 10:20	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 10:20	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 10:20	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 10:20	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 10:20	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 10:20	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 10:20	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 10:20	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 10:20	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 10:20	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 10:20	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 10:20	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 10:20	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 10:20	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 10:20	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 10:20	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 10:20	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 10:20	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 10:20	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 10:20	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 17:34 . 2015-03-04 17:34	280376	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2015-03-04 17:34 . 2012-03-20 18:44	124568	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2015-03-04 04:55 . 2015-04-15 10:20	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 10:20	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-12 19:32	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-12 19:32	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 10:20	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-12 19:32	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-12 19:32	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-12 19:32	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-03-03 13:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-25 03:18 . 2015-04-15 10:20	754688	----a-w-	c:\windows\system32\drivers\http.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-11-25 25600]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-04-29 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-04-29 840592]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2014-02-04 7843744]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-10-10 1104616]
"CommunicationsClients Auto Update Service"="c:\program files (x86)\CommunicationsClients\osoupd.exe" [2013-10-03 471552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
.
c:\users\Johannes Brand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
HFS.lnk - C:\hfs.exe [2014-2-28 759808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
R3 ACR122U;ACR122 Smart Card Reader;c:\windows\system32\DRIVERS\acr122.sys;c:\windows\SYSNATIVE\DRIVERS\acr122.sys [x]
R3 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [x]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
R4 IHProtect Service;IHProtect Service;c:\program files (x86)\XTab\ProtectService.exe;c:\program files (x86)\XTab\ProtectService.exe [x]
R4 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 ocz10xx;ocz10xx;c:\windows\system32\drivers\ocz10xx.sys;c:\windows\SYSNATIVE\drivers\ocz10xx.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 OSO Update Service;OSO Update Service;c:\program files (x86)\CommunicationsClients\osoausvc.exe;c:\program files (x86)\CommunicationsClients\osoausvc.exe [x]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-22 07:34	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 17:03]
.
2015-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 15:12]
.
2015-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 15:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Johannes Brand\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-10-01 09:32	2818216	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-10-01 09:32	2818216	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-10-01 09:32	2818216	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-15 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-15 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 519408]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
uDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1426846686&from=wpm03203&uid=3219913727_132823_DED6A03F&q={searchTerms}
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
Trusted Zone: 127.0.0.1
TCP: Interfaces\{3AEC974B-24E3-4475-83E1-C29A875A9870}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C1CB1CEF-42D9-486D-A6F4-005DFD4EA7BE}: NameServer = 8.8.8.8,8.8.4.4
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - 
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Johannes Brand\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\
FF - prefs.js: browser.search.selectedEngine - delta-homes
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxps://www.google.de/#output=search&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2015-04-24 13:15; toolbar-ff@payback.de; c:\users\Johannes Brand\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\toolbar-ff@payback.de.xpi
FF - ExtSQL: 2015-04-25 21:07; scriptish@erikvold.com; c:\users\Johannes Brand\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\scriptish@erikvold.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files (x86)\XTab\SupTab.dll
BHO-{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - c:\program files (x86)\XTab\SupTab.dll
Toolbar-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-24564479.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-22  21:12:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-22 19:12
.
Vor Suchlauf: 17 Verzeichnis(se), 385.759.690.752 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 385.808.805.888 Bytes frei
.
- - End Of File - - AAF618668C22D2CB162DBA7542DAC6D0
         

It looks to me as if ComboFix also killed my UVNC service. That is not a big deal for now. Perhaps we can talk at a later point about whether I may re-enable it.

Regards

Johannes

23.05.2015, 19:46   #7
schrauber
/// the machine
/// TB trainer
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.05.2015, 10:16   #8
Johannes85
 

Hello schrauber,

I followed the steps. Here are the logs.
I'll just quickly note two things here that I'd like to keep in mind. Maybe you can tell me something about them in due course.
(1) Where does all this crap come from? That is, is there a security hole I need to plug once all the malware is gone at some point?
(2) May I use my UVNC service again at some point, or could exactly that be the security hole?

Kind regards

Johannes

MBAM
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.05.2015
Suchlauf-Zeit: 10:29:26
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.23.05
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: {{{USERNAME}}}

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 399818
Verstrichene Zeit: 6 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 55
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [dc35deb9f39769cd55cc8e88857dfa06], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [47cadcbb890133034142b2e38182629e], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [47cadcbb890133034142b2e38182629e], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [47cadcbb890133034142b2e38182629e], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [26eb6631a0ea1f17094f4e1247bc3dc3], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [26eb6631a0ea1f17094f4e1247bc3dc3], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [26eb6631a0ea1f17094f4e1247bc3dc3], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [0f026e292b5f96a0666a0857a95ab64a], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [0f026e292b5f96a0666a0857a95ab64a], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [0f026e292b5f96a0666a0857a95ab64a], 
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [e32e3562b2d879bd9c68cb8ae2216799], 
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [e32e3562b2d879bd9c68cb8ae2216799], 
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [e32e3562b2d879bd9c68cb8ae2216799], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [7899efa8cfbb3cfaaf1940211ce7ae52], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [7899efa8cfbb3cfaaf1940211ce7ae52], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [7899efa8cfbb3cfaaf1940211ce7ae52], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [7899efa8cfbb3cfaaf1940211ce7ae52], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [7899efa8cfbb3cfaaf1940211ce7ae52], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [7899efa8cfbb3cfaaf1940211ce7ae52], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [2be6a9ee385294a2da2c61a5d62e3bc5], 
PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [769b50472b5fd264b309c616c241c937], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [26eb3c5bcdbd1521b4cf648917ec6799], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [937ed5c2ddadaa8cb88857d519ebf50b], 
PUP.Optional.Picexa.A, HKLM\SOFTWARE\WOW6432NODE\PicexaSvc, In Quarantäne, [4ac75245ed9d54e201ef3046d72e4db3], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [f21fcacd305a7abc61bd0b5553b28c74], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [759c3661335778be2a1232b8e81b669a], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [18f9b8dff09adf57077e07185aaae818], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jpmbfleldcgkldadpdinhjjopdfpjfjp, In Quarantäne, [ac65682f7b0f8caa2acfe143fc08659b], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\EJPBBHJLBIPNCJKLFJJAEDAIEIMBMDDA, In Quarantäne, [7c95e4b35238152199e8687534cf9c64], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [7f927c1ba9e1b97d1544dc0b8b7837c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [070aa7f0f694fb3b3f19cc1bee159b65], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [828f5b3ca8e235013cd65a9bac5750b0], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [779a8a0d3555122494c2826542c1c13f], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [c24f8f086f1b1c1a6cf347bad232c43c], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [b1603760eaa03303f0d500f0857ec040], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [9a77ebac305a9b9b531f609720e3956b], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\HomeTab, In Quarantäne, [20f1badda3e7f244342969a971939a66], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\SearchProtectWS, In Quarantäne, [b35e7f186921c27490cbb037a65d12ee], 
PUP.Optional.TNT.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\TNT2, In Quarantäne, [878a97004b3f8fa78189a84109fa32ce], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\WajIntEnhance, In Quarantäne, [b25f3067315973c3ff3e3fabe1220af6], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [a26fe7b0ee9cc670bc2b3b2255b0e21e], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\EJPBBHJLBIPNCJKLFJJAEDAIEIMBMDDA, In Quarantäne, [be537b1c71198fa78bf7c71638cb8d73], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\INSTALLCORE, In Quarantäne, [31e02473503ae551cd4b182964a1ca36], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [90815e39206a7fb750f2736c8a79d52b], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [cc453463d2b8ad89f84afce3b44fd828], 
PUP.Optional.Delta.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [4ac79ef94446c472963346997e8528d8], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [43ced5c21773a6902a1806d928dba65a], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [8a87abec246647efe40cba298083c63a], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [f51c46514842fb3b8c65bb28ce35f30d], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [24ed970047431d1931c11ac9679cb848], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [58b9b0e79bef79bd533bbdb5b4514bb5], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [0f02f5a26f1b48eedd16905319ea817f], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [b75ae8af2a602e08797b01e2897ab050], 
PUP.Optional.QuickSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [43ceeea95238d1651eb9637a877c8e72], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, In Quarantäne, [51c0435426643ff77cdba24559aabd43], 

Registrierungswerte: 23
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, In Quarantäne, [7d94f2a5c0ca5adc840a96c8ca39b848], 
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, uTorrentControl_v2 Toolbar, In Quarantäne, [7d94f2a5c0ca5adc840a96c8ca39b848]
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, In Quarantäne, [7d94f2a5c0ca5adc840a96c8ca39b848], 
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, In Quarantäne, [52bf6e29f09a2412dbb372eccb384fb1], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}, In Quarantäne, [8e83791e0684b482857e706c2fd4f10f]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda|path, C:\Users\{{{USERNAME}}}\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, In Quarantäne, [7c95e4b35238152199e8687534cf9c64]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}, In Quarantäne, [9879a9ee5a306fc75da68a522fd48878]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\{{{USERNAME}}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\faststartff@gmail.com, In Quarantäne, [cf42acebc8c24ee82e181f4062a37c84]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\{{{USERNAME}}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\searchengine@gmail.com, In Quarantäne, [b45d33640c7ec76fd112d99217ee08f8]
PUP.Optional.IStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\{{{USERNAME}}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\istart_ffnt@gmail.com, In Quarantäne, [828f682fdfab64d28d4b39aa4ab99d63]
PUP.Optional.QuickSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_searchff@gmail.com, C:\Users\{{{USERNAME}}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\quick_searchff@gmail.com, In Quarantäne, [c8499bfcd0ba89ad446be8f54ab9926e]
PUP.Optional.SweetSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\{{{USERNAME}}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\extensions\sweetsearch@gmail.com, In Quarantäne, [cc459403f991e650efc1dd00ac578f71]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, wpm03203, In Quarantäne, [c24f8f086f1b1c1a6cf347bad232c43c]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda|path, C:\Users\{{{USERNAME}}}\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, In Quarantäne, [be537b1c71198fa78bf7c71638cb8d73]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\INSTALLCORE|tb, 0U1P1G1J1FtG0YtH0B, In Quarantäne, [31e02473503ae551cd4b182964a1ca36]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [90815e39206a7fb750f2736c8a79d52b]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [cc453463d2b8ad89f84afce3b44fd828]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://do-search.com//favicon.ico, In Quarantäne, [a071d3c432588caa380a06d93dc6b14f]
PUP.Optional.Delta.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, In Quarantäne, [4ac79ef94446c472963346997e8528d8]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [809144535a303ff7ae940dd254af37c9]
PUP.Optional.Delta.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://search.delta-homes.com/web/?type=ds&ts=1426846686&from=wpm03203&uid=3219913727_132823_DED6A03F&q={searchTerms}, In Quarantäne, [c44d30672a6038feb217538c32d13cc4]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [43ced5c21773a6902a1806d928dba65a]
PUP.Optional.QuickSearch.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MOZILLA\EXTENDS|appid, quick_searchff@gmail.com, In Quarantäne, [43ceeea95238d1651eb9637a877c8e72]

Registrierungsdaten: 8
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F),Ersetzt,[f1207027c5c5fc3a27d418030ff707f9]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[fa17d2c53b4f5dd91d91fc2b7294c838]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}),Ersetzt,[bc55009758325dd9857602195aac18e8]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F),Ersetzt,[1100b5e2305a0e28ab50b2694db9758b]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F),Ersetzt,[0f02d1c67a103afc6b90d348d92d9c64]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1420027279&from=cvs&uid=3219913727_132823_DED6A03F&q={searchTerms}),Ersetzt,[59b8c2d5ccbe49ed47b4f2290600867a]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[17fac2d57d0d7eb89a14aa7d1de9c33d]
PUP.Optional.Delta.A, HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1426846686&from=wpm03203&uid=3219913727_132823_DED6A03F&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1426846686&from=wpm03203&uid=3219913727_132823_DED6A03F&q={searchTerms}),Ersetzt,[a66be4b3137773c3fd8e6fb9ef177f81]

Ordner: 40
PUP.Optional.ConduitTB.Gen, C:\Users\{{{USERNAME}}}\AppData\Local\CRE, In Quarantäne, [52bf1384c6c4f73f1967904de51e639d], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.InetStat.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat, In Quarantäne, [b55c6631f8922214cdc55a0edd28f50b], 
PUP.Optional.Wajam.A, C:\Users\{{{USERNAME}}}\AppData\Local\Wajam, In Quarantäne, [7e93f2a505850234bb19684449baa060], 
PUP.Optional.Wajam.A, C:\Users\{{{USERNAME}}}\AppData\Local\Wajam\Chrome, In Quarantäne, [7e93f2a505850234bb19684449baa060], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\log, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.UTorrentControl.A, C:\Users\{{{USERNAME}}}\AppData\LocalLow\uTorrentControl_v2, In Quarantäne, [1ef37d1a375341f537cc1e92bc4705fb], 
PUP.Optional.UTorrentControl.A, C:\Users\{{{USERNAME}}}\AppData\LocalLow\uTorrentControl_v2\Logs, In Quarantäne, [1ef37d1a375341f537cc1e92bc4705fb], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [f71ae3b499f1d26402f39329d33049b7], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [f71ae3b499f1d26402f39329d33049b7], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [ec255a3d77133afc442c17bb17ec18e8], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [ec255a3d77133afc442c17bb17ec18e8], 

Dateien: 104
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, In Quarantäne, [dc35deb9f39769cd55cc8e88857dfa06], 
Riskware.BitcoinMiner, C:\Program Files (x86)\AuroraCoin\minerd.exe, In Quarantäne, [858c8017eaa06ccaa5e1b0c62dd4d52b], 
PUP.Optional.ConduitTB.Gen, C:\Users\{{{USERNAME}}}\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, In Quarantäne, [52bf1384c6c4f73f1967904de51e639d], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.xdomainrequest.min.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xdomain.min.js, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [5fb2fb9c7e0cbb7b7e06f2fbaf54f010], 
PUP.Optional.Conduit.A, C:\Users\{{{USERNAME}}}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage, In Quarantäne, [f61ba6f1e9a1a492fd258f851de7d42c], 
PUP.Optional.Conduit.A, C:\Users\{{{USERNAME}}}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal, In Quarantäne, [ca47336477130d297ca62aeadd275ca4], 
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [5cb55146ddadba7ca1e6f12e5ba948b8], 
PUP.Optional.InetStat.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat\InetStat.lnk, In Quarantäne, [b55c6631f8922214cdc55a0edd28f50b], 
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, In Quarantäne, [b1603760eaa03303f0d500f0857ec040], 
PUP.Optional.Wajam.A, C:\Users\{{{USERNAME}}}\AppData\Local\Wajam\Chrome\wajam.crx, In Quarantäne, [7e93f2a505850234bb19684449baa060], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\363.json, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\MessageBox.xml, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\uninstallDlg2.xml, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\UninstallManager.exe, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\bg.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\bk_shadow.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\button.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\checkbox.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\checkbox_select.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\loading_bg.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\loading_light.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\scrollbar.bmp, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code\code1.jpg, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code\code2.jpg, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code\code3.jpg, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code\code4.jpg, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code\code5.jpg, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code\code6.jpg, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\images\code\Thumbs.db, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.WebsSearches.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\webssearches\log\UninstallManager_2014-12-31[13-02-24-241].log, In Quarantäne, [78997b1c4842b97d9be7f0bfd92aff01], 
PUP.Optional.UTorrentControl.A, C:\Users\{{{USERNAME}}}\AppData\LocalLow\uTorrentControl_v2\ldrtbuTor.dll, In Quarantäne, [1ef37d1a375341f537cc1e92bc4705fb], 
PUP.Optional.UTorrentControl.A, C:\Users\{{{USERNAME}}}\AppData\LocalLow\uTorrentControl_v2\tbuTor.dll, In Quarantäne, [1ef37d1a375341f537cc1e92bc4705fb], 
PUP.Optional.UTorrentControl.A, C:\Users\{{{USERNAME}}}\AppData\LocalLow\uTorrentControl_v2\toolbar.cfg, In Quarantäne, [1ef37d1a375341f537cc1e92bc4705fb], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [f71ae3b499f1d26402f39329d33049b7], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\update.exe, In Quarantäne, [f71ae3b499f1d26402f39329d33049b7], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [ec255a3d77133afc442c17bb17ec18e8], 
PUP.Optional.QuickStart.A, C:\Users\{{{USERNAME}}}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[91802f68f793fd39ba184e19c83e1be5]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
ADWCLEANER
Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 24/05/2015 um 10:51:58
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-21.2 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : {user_name} - {computer_name}
# Gestarted von : C:\Users\{user_name}\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\{user_name}\AppData\LocalLow\Conduit
Datei Gelöscht : C:\Users\{user_name}\PUTTY.RND
Datei Gelöscht : C:\Users\{user_name}\AppData\Local\PUTTY.RND
Datei Gelöscht : C:\Users\{user_name}\AppData\Roaming\PUTTY.RND
Datei Gelöscht : C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_youtube.conduitapps.com_0.localstorage
Datei Gelöscht : C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_youtube.conduitapps.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : LaunchApp

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Appscion
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)

[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("CT3220468.smartbar.CTID", "CT3220468");
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("CT3220468.smartbar.Uninstall", "0");
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("CT3220468.smartbar.homepage", true);
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[psv85u7d.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v43.0.2357.65

[C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
[C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] : 

*************************

AdwCleaner[R0].txt - [37049 Bytes] - [24/05/2015 10:48:38]
AdwCleaner[S0].txt - [6338 Bytes] - [24/05/2015 10:51:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6397  Bytes] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows 7 Professional x64
Ran by Johannes Brand on 24.05.2015 at 10:57:48,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}



~~~ Files

Successfully deleted: [File] C:\Users\Johannes Brand\appdata\local\google\chrome\user data\default\local storage\http_toolbar.utorrent.com_0.localstorage
Successfully deleted: [File] C:\Users\Johannes Brand\appdata\local\google\chrome\user data\default\local storage\http_toolbar.utorrent.com_0.localstorage-journal



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\freerip



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Johannes Brand\AppData\Roaming\mozilla\firefox\profiles\psv85u7d.default\smartbar
Successfully deleted the following from C:\Users\Johannes Brand\AppData\Roaming\mozilla\firefox\profiles\psv85u7d.default\prefs.js

user_pref(CT3220468.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3220468.FirstTime, true);
user_pref(CT3220468.FirstTimeFF3, true);
user_pref(CT3220468.UserID, UN11099985691430114);
user_pref(CT3220468.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3220468.autoDisableScopes, -1);
user_pref(CT3220468.browser.search.defaultthis.engineName, true);
user_pref(CT3220468.enableAlerts, always);
user_pref(CT3220468.enableSearchFromAddressBar, true);
user_pref(CT3220468.firstTimeDialogOpened, true);
user_pref(CT3220468.fixPageNotFoundError, true);
user_pref(CT3220468.fixPageNotFoundErrorInHidden, true);
user_pref(CT3220468.fixUrls, true);
user_pref(CT3220468.installId, fft6EE4.tmp.exe);
user_pref(CT3220468.installType, XPE);
user_pref(CT3220468.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3220468.isNewTabEnabled, true);
user_pref(CT3220468.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3220468.isWelcomPage, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3220468.keyword, true);
user_pref(CT3220468.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\\,\EB_MAIN_FRAME_TITLE\:\\,\EB_TOOLBAR_SUB_DOMAIN\:\hxxp://uTorrentContr
user_pref(CT3220468.openThankYouPage, true);
user_pref(CT3220468.openUninstallPage, FALSE);
user_pref(CT3220468.search.searchAppId, 129813684258939747);
user_pref(CT3220468.search.searchCount, 0);
user_pref(CT3220468.searchInNewTabEnabledInHidden, true);
user_pref(CT3220468.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3220468.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3220468.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT3220468.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3220468\});
user_pref(CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://uTorrentControlv2.OurToolbar.com//xpi\});
user_pref(CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\uTorrentControl_v2\});
user_pref(CT3220468.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1351371852162);
user_pref(CT3220468.serviceLayer_services_appsMetadata_lastUpdate, 1351371851843);
user_pref(CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1351371852249);
user_pref(CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate, 1351371852359);
user_pref(CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1351371852271);
user_pref(CT3220468.serviceLayer_services_searchAPI_lastUpdate, 1351371851750);
user_pref(CT3220468.serviceLayer_services_serviceMap_lastUpdate, 1351371851651);
user_pref(CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate, 1351371852141);
user_pref(CT3220468.serviceLayer_services_toolbarSettings_lastUpdate, 1351371851721);
user_pref(CT3220468.serviceLayer_services_translation_lastUpdate, 1351371851927);
user_pref(CT3220468.settingsINI, true);
user_pref(CT3220468.shouldFirstTimeDialog, false);
user_pref(CT3220468.startPage, TRUE);
user_pref(CT3220468.toolbarBornServerTime, 28-10-2012);
user_pref(CT3220468.toolbarCurrentServerTime, 28-10-2012);
user_pref(browser.search.searchengine.alias, delta-homes);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://search.delta-homes.com/favicon.ico);
user_pref(browser.search.searchengine.name, delta-homes);
user_pref(browser.search.searchengine.ptid, wpm05203);
user_pref(browser.search.searchengine.uid, 3219913727_132823_DED6A03F);
user_pref(browser.search.searchengine.url, hxxp://search.delta-homes.com/web/?type=ds&ts=1432166318&z=b825075606545a212e6f77bg9zdcco6g9q6qcc9o2e&from=wpm05203&uid=321991372
user_pref(browser.search.selectedEngine, delta-homes);



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Johannes Brand\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2015 at 10:59:29,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST IN THE NEXT POST, BECAUSE OTHERWISE IT IS TOO LONG

24.05.2015, 10:17   #9
Johannes85

Picexa.exe / Search provider changed in browsers (Delta-Homes)



FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by {user_name} (administrator) on {computer_name} on 24-05-2015 11:01:51
Running from C:\Users\{user_name}\Desktop
Loaded Profiles: {user_name} (Available profiles: {user_name})
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-06-15] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [CommunicationsClients Auto Update Service] => C:\Program Files (x86)\CommunicationsClients\osoupd.exe [471552 2013-10-03] (eTellicom)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-25] (AMD)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
Startup: C:\Users\{user_name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\{user_name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HFS.lnk [2012-09-23]
ShortcutTarget: HFS.lnk -> C:\hfs.exe (rejetto)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user_name}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-04-29] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\{user_name}\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Tcpip\..\Interfaces\{3AEC974B-24E3-4475-83E1-C29A875A9870}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C1CB1CEF-42D9-486D-A6F4-005DFD4EA7BE}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default
FF Homepage: google.de
FF Keyword.URL: https://www.google.de/#output=search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1317513966-3781302880-2816950935-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\gmx-suche.xml [2014-06-25]
FF SearchPlugin: C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\webde-suche.xml [2014-06-25]
FF Extension: Html Validator - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2014-08-15]
FF Extension: Firebug - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-17]
FF Extension: Ghostery - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: FireGestures - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firegestures@xuldev.org.xpi [2012-09-21]
FF Extension: ProxTube - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: JSONView - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\jsonview@brh.numbera.com.xpi [2012-10-13]
FF Extension: Scriptish - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\scriptish@erikvold.com.xpi [2013-12-30]
FF Extension: SQLite Manager - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-01-01]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\toolbar-ff@payback.de.xpi [2015-04-02]
FF Extension: YouTube to MP3 - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-09-17]
FF Extension: Video DownloadHelper - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Web Developer - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-09-17]
FF Extension: Adblock Plus - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Tab Mix Plus - C:\Users\{user_name}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-09-17]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-17]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Recognize It for Chrome) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclaagbljldlbmihblajinlijckggkea [2012-10-14]
CHR Extension: (Web Developer) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-10-14]
CHR Extension: (YouTube) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-14]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-10-14]
CHR Extension: (Adblock Plus) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-10-14]
CHR Extension: (Google Search) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-14]
CHR Extension: (Tampermonkey) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-30]
CHR Extension: (Postman - REST Client (Packaged App)) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (YouTube to MP3 Converter) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldkainijooolihjoejfnponkcahmkafn [2012-10-14]
CHR Extension: (Refresh Monkey) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2015-05-16]
CHR Extension: (Ghostery) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-14]
CHR Extension: (Gmail) - C:\Users\{user_name}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apache2.4; c:\xampp\apache\bin\httpd.exe [22016 2012-06-06] (Apache Software Foundation) [File not signed]
S3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2012-09-16] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [1430144 2011-10-06] (ASUSTeK Computer Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [80032 2011-06-15] (Atheros Commnucations) [File not signed]
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-16] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 mysql; c:\xampp\mysql\bin\mysqld.exe [8180224 2012-06-29] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 OSO Update Service; C:\Program Files (x86)\CommunicationsClients\osoausvc.exe [487936 2013-09-14] (eTellicom) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-09-16] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 ocz10xx; C:\Windows\System32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-12-29] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-29] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-12-29] (Acronis International GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-24 10:59 - 2015-05-24 10:59 - 00005646 _____ () C:\Users\{user_name}\Desktop\JRT.txt
2015-05-24 10:57 - 2015-05-24 10:57 - 00006449 _____ () C:\Users\{user_name}\Desktop\AdwCleaner[S0].txt
2015-05-24 10:57 - 2015-05-24 10:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-{computer_name}-Windows-7-Professional-(64-bit).dat
2015-05-24 10:57 - 2015-05-24 10:57 - 00000000 ____D () C:\RegBackup
2015-05-24 10:54 - 2015-05-24 10:54 - 00000000 ___RD () C:\Users\{user_name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-24 10:48 - 2015-05-24 10:51 - 00000000 ____D () C:\AdwCleaner
2015-05-24 10:43 - 2015-05-24 10:45 - 00038416 _____ () C:\Users\{user_name}\Desktop\mbam.txt
2015-05-24 10:41 - 2015-05-24 10:41 - 02720636 _____ (Thisisu) C:\Users\{user_name}\Desktop\JRT.exe
2015-05-24 10:41 - 2015-05-24 10:41 - 02222592 _____ () C:\Users\{user_name}\Desktop\AdwCleaner_4.205.exe
2015-05-24 10:28 - 2015-05-24 10:54 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 10:28 - 2015-05-24 10:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-24 10:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-24 10:28 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-24 10:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 10:26 - 2015-05-24 10:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\{user_name}\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-23 10:23 - 2015-05-23 15:16 - 00000250 _____ () C:\Users\{user_name}\26-2015-05-23.csv
2015-05-23 09:36 - 2015-05-23 10:21 - 00060574 _____ () C:\Users\{user_name}\Desktop\dreiecke.pptx
2015-05-22 21:49 - 2015-05-23 19:01 - 00000000 ____D () C:\Users\{user_name}\Desktop\payback
2015-05-22 21:12 - 2015-05-22 21:12 - 00063243 _____ () C:\ComboFix.txt
2015-05-22 21:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-22 21:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-22 21:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-22 20:55 - 2015-05-22 21:12 - 00000000 ____D () C:\Qoobox
2015-05-22 20:55 - 2015-05-22 21:11 - 00000000 ____D () C:\Windows\erdnt
2015-05-22 20:50 - 2015-05-22 20:50 - 05627500 ____R (Swearware) C:\Users\{user_name}\Desktop\ComboFix.exe
2015-05-22 20:49 - 2015-05-22 21:25 - 00000490 _____ () C:\Users\{user_name}\26-2015-05-22.csv
2015-05-21 14:36 - 2015-05-21 14:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-21 12:43 - 2015-05-21 12:43 - 00024517 _____ () C:\Users\{user_name}\Desktop\Gmer_with_devices.txt
2015-05-21 12:38 - 2015-05-21 12:38 - 00024517 _____ () C:\Users\{user_name}\Desktop\Gmer.txt
2015-05-21 12:16 - 2015-05-21 12:16 - 00380416 _____ () C:\Users\{user_name}\Desktop\nnzspp5u.exe
2015-05-21 11:09 - 2015-05-21 19:17 - 00001801 _____ () C:\Users\{user_name}\26-2015-05-21.csv
2015-05-21 10:16 - 2015-05-24 11:01 - 00029836 _____ () C:\Users\{user_name}\Desktop\FRST.txt
2015-05-21 10:16 - 2015-05-21 13:31 - 00060580 _____ () C:\Users\{user_name}\Desktop\Addition.txt
2015-05-21 10:16 - 2015-05-21 13:11 - 00079302 _____ () C:\Users\{user_name}\Desktop\FRST_1.txt
2015-05-21 10:15 - 2015-05-24 11:01 - 00000000 ____D () C:\FRST
2015-05-21 10:14 - 2015-05-21 10:14 - 02107904 _____ (Farbar) C:\Users\{user_name}\Desktop\FRST64.exe
2015-05-21 10:13 - 2015-05-21 12:43 - 00000490 _____ () C:\Users\{user_name}\Desktop\defogger_disable.log
2015-05-21 10:13 - 2015-05-21 10:13 - 00000000 _____ () C:\Users\{user_name}\defogger_reenable
2015-05-21 10:12 - 2015-05-21 10:12 - 00050477 _____ () C:\Users\{user_name}\Desktop\Defogger.exe
2015-05-20 18:43 - 2015-05-20 18:43 - 00042945 _____ () C:\Users\{user_name}\Desktop\habermann.mw
2015-05-20 13:22 - 2015-05-20 19:23 - 00000741 _____ () C:\Users\{user_name}\26-2015-05-20.csv
2015-05-19 04:22 - 2015-05-19 21:57 - 00000492 _____ () C:\Users\{user_name}\26-2015-05-19.csv
2015-05-18 10:27 - 2015-05-18 21:12 - 00001539 _____ () C:\Users\{user_name}\26-2015-05-18.csv
2015-05-17 12:42 - 2015-05-17 17:00 - 00000363 _____ () C:\Users\{user_name}\26-2015-05-17.csv
2015-05-17 00:33 - 2015-05-17 20:12 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\KeePass
2015-05-16 22:56 - 2015-05-16 22:56 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-05-16 22:56 - 2015-05-16 22:56 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-05-16 21:35 - 2015-05-16 21:35 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-16 20:15 - 2015-05-21 01:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 01:54 - 2015-05-16 13:55 - 00000250 _____ () C:\Users\{user_name}\26-2015-05-16.csv
2015-05-16 00:00 - 2015-05-16 00:00 - 00001317 _____ () C:\Users\{user_name}\26-2015-05-15.csv
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Git
2015-05-15 09:50 - 2015-05-15 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2015-05-14 15:01 - 2015-05-14 21:42 - 00000852 _____ () C:\Users\{user_name}\26-2015-05-14.csv
2015-05-13 18:13 - 2015-05-13 18:23 - 00001198 _____ () C:\Users\{user_name}\26-2015-05-13.csv
2015-05-13 03:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:39 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:39 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:39 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:39 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:39 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:39 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:39 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:39 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:39 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:39 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:39 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:39 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:39 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:39 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:39 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:39 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:39 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:39 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:39 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:34 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:34 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:34 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:34 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:34 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:34 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:34 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:34 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:34 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:34 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:34 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:33 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:33 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:33 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:33 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:33 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:32 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 07:33 - 2015-05-12 12:53 - 00000131 _____ () C:\Users\{user_name}\26-2015-05-12.csv
2015-05-11 06:38 - 2015-05-11 21:07 - 00000611 _____ () C:\Users\{user_name}\26-2015-05-11.csv
2015-05-09 19:37 - 2015-05-09 19:37 - 00000612 _____ () C:\Users\{user_name}\26-2015-05-09.csv
2015-05-07 19:33 - 2015-05-07 23:18 - 00001088 _____ () C:\Users\{user_name}\26-2015-05-07.csv
2015-05-06 11:04 - 2015-05-07 00:00 - 00000735 _____ () C:\Users\{user_name}\26-2015-05-06.csv
2015-05-05 10:06 - 2015-05-05 10:06 - 00000131 _____ () C:\Users\{user_name}\26-2015-05-05.csv
2015-05-04 06:56 - 2015-05-04 07:06 - 00000249 _____ () C:\Users\{user_name}\26-2015-05-04.csv
2015-05-03 20:18 - 2015-05-03 20:18 - 00000720 _____ () C:\Users\{user_name}\26-2015-05-03.csv
2015-05-02 10:26 - 2015-05-02 15:03 - 00000251 _____ () C:\Users\{user_name}\26-2015-05-02.csv
2015-05-01 17:12 - 2015-05-01 18:27 - 00000853 _____ () C:\Users\{user_name}\26-2015-05-01.csv
2015-04-30 18:04 - 2015-04-30 19:15 - 00000250 _____ () C:\Users\{user_name}\26-2015-04-30.csv
2015-04-29 07:31 - 2015-04-29 19:59 - 00000968 _____ () C:\Users\{user_name}\26-2015-04-29.csv
2015-04-29 00:00 - 2015-04-29 00:00 - 00001278 _____ () C:\Users\{user_name}\26-2015-04-28.csv
2015-04-27 06:31 - 2015-04-27 21:41 - 00001777 _____ () C:\Users\{user_name}\26-2015-04-27.csv
2015-04-26 09:18 - 2015-04-26 19:49 - 00000842 _____ () C:\Users\{user_name}\26-2015-04-26.csv
2015-04-25 08:35 - 2015-04-25 10:09 - 00000131 _____ () C:\Users\{user_name}\26-2015-04-25.csv
2015-04-24 18:26 - 2015-05-19 21:53 - 00000000 ____D () C:\Users\{user_name}\Desktop\et4
2015-04-24 07:09 - 2015-04-25 00:00 - 00001079 _____ () C:\Users\{user_name}\26-2015-04-24.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-24 10:59 - 2011-04-12 09:43 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 10:59 - 2011-04-12 09:43 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 10:59 - 2009-07-14 07:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 10:58 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 10:58 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 10:54 - 2012-10-14 17:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 10:54 - 2012-09-23 14:42 - 00043434 _____ () C:\Windows\setupact.log
2015-05-24 10:54 - 2012-09-17 18:55 - 00000000 ____D () C:\jexepackres
2015-05-24 10:54 - 2012-09-16 18:44 - 00000000 ____D () C:\Users\{user_name}\AppData\Local\VirtualStore
2015-05-24 10:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 10:53 - 2012-10-28 11:07 - 00279152 _____ () C:\Windows\PFRO.log
2015-05-24 10:52 - 2012-09-16 18:43 - 01539900 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 10:51 - 2012-09-16 18:43 - 00000000 ____D () C:\Users\{user_name}
2015-05-24 10:39 - 2014-11-18 13:44 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\Dropbox
2015-05-24 10:38 - 2015-02-13 14:49 - 00000000 ____D () C:\Users\{user_name}\AppData\Local\TSVNCache
2015-05-24 10:36 - 2014-02-08 19:40 - 00000000 ____D () C:\Program Files (x86)\AuroraCoin
2015-05-24 10:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-24 10:33 - 2012-10-14 17:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 10:03 - 2012-09-17 16:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 02:00 - 2014-06-26 08:19 - 00000000 ____D () C:\Users\{user_name}\AppData\Local\Adobe
2015-05-23 17:15 - 2015-02-13 14:10 - 00000000 ____D () C:\Users\{user_name}\Desktop\{surname}
2015-05-23 15:16 - 2010-12-30 13:19 - 00000000 ____D () C:\Users\{user_name}\Documents\Outlook-Dateien
2015-05-22 21:44 - 2012-12-23 12:41 - 00000000 ____D () C:\Temp
2015-05-22 21:12 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-22 21:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-22 21:09 - 2009-07-14 04:34 - 95158272 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 47448064 _____ () C:\Windows\system32\config\components.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-05-22 12:02 - 2012-09-27 12:00 - 00000203 _____ () C:\Windows\SysWOW64\cookieFileName
2015-05-21 19:17 - 2012-09-29 15:18 - 00000000 ____D () C:\Users\{user_name}\.jedit
2015-05-21 18:07 - 2014-06-25 10:31 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\CC-Cache
2015-05-21 14:37 - 2012-09-17 21:41 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-21 14:37 - 2012-09-17 21:41 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-21 14:37 - 2012-09-17 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-21 12:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-21 12:33 - 2012-09-16 20:23 - 00000000 ____D () C:\Users\{user_name}\Documents\Bluetooth Folder
2015-05-21 12:27 - 2012-09-27 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 18:43 - 2012-09-30 15:25 - 00000000 ____D () C:\Users\{user_name}\.maplesoft
2015-05-17 10:07 - 2012-12-20 21:14 - 00000132 _____ () C:\Users\{user_name}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-05-17 03:28 - 2012-10-14 17:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:28 - 2012-10-14 17:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 16:06 - 2014-08-24 13:29 - 00001456 _____ () C:\Users\{user_name}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-05-16 01:59 - 2012-09-23 21:32 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\vlc
2015-05-15 13:09 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\npm-cache
2015-05-15 12:38 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\npm
2015-05-15 09:50 - 2013-08-18 11:40 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2015-05-14 14:13 - 2013-07-17 14:17 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\TeamViewer
2015-05-13 04:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:25 - 2012-09-23 14:42 - 05333536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:24 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 03:08 - 2012-09-17 17:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:07 - 2012-09-16 19:37 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:07 - 2012-09-16 19:37 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:06 - 2013-07-25 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:03 - 2012-09-16 19:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:01 - 2012-09-16 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 20:43 - 2014-11-18 13:45 - 00000000 ____D () C:\Users\{user_name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-09 17:35 - 2012-09-16 20:53 - 00000000 ____D () C:\Users\{user_name}\AppData\Local\CrashDumps
2015-04-25 12:50 - 2013-10-26 11:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-25 12:49 - 2013-07-22 19:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-25 12:49 - 2012-09-17 16:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-25 09:56 - 2014-11-02 19:39 - 00004736 ____H () C:\Users\{user_name}\_viminfo

==================== Files in the root of some directories =======

2012-12-20 21:14 - 2015-05-17 10:07 - 0000132 _____ () C:\Users\{user_name}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-17 20:28 - 2013-07-17 21:27 - 0000116 _____ () C:\Users\{user_name}\AppData\Roaming\Camdata.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{user_name}\AppData\Roaming\CamLayout.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{user_name}\AppData\Roaming\CamShapes.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0004520 _____ () C:\Users\{user_name}\AppData\Roaming\CamStudio.cfg
2014-08-24 13:29 - 2015-05-16 16:06 - 0001456 _____ () C:\Users\{user_name}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-07-17 17:51 - 2015-04-05 12:04 - 0006144 _____ () C:\Users\{user_name}\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-25 19:05 - 2013-08-25 19:05 - 0002286 _____ () C:\Users\{user_name}\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\{user_name}\AppData\Local\setup.txt
2013-12-23 22:13 - 2013-12-23 22:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-10 11:33 - 2013-03-10 11:33 - 0001534 _____ () C:\ProgramData\ss.ini
2010-01-14 15:01 - 2010-01-14 15:01 - 0000235 _____ () C:\ProgramData\UDATHXD.ini

Files to move or delete:
====================
C:\Users\{user_name}\appnimi-pdf-unlocker.dat


Some content of TEMP:
====================
C:\Users\{user_name}\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpakbgvc.dll
C:\Users\{user_name}\AppData\Local\Temp\Quarantine.exe
C:\Users\{user_name}\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:56

==================== End Of Log ============================
         
--- --- ---

25.05.2015, 10:14   #10
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

25.05.2015, 15:16   #11
Johannes85

Hello schrauber,

the ESET log is going to be difficult, because I aborted the first scan after probably about 2 hours. At that point ESET was still stuck scanning an infected backup set and had scanned only 3854 files in total. Since that was the first of 4 backup sets in total, I decided to format the backup HD first.

After formatting my backup disk, which I had wanted to do anyway, I started the scan again.

That one ran through, but the log located at C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt strangely belongs to the first, aborted scan.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5f4f1932827a8d458c920835cb6d2376
# engine=24008
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-25 11:33:27
# local_time=2015-05-25 01:33:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 239156 103847229 0 0
# scanned=3854
# found=5
# cleaned=0
# scan_time=6788
sh=CE9E893172EBC4EB78EDA7604ECDFD30D85538A3 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="B:\{pc}\Backup Set 2014-07-13 120008\Backup Files 2014-07-13 120008\Backup files 104.zip"
sh=57488BE01D610CC630971A5194924DC4BE0E7EB4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="B:\{pc}\Backup Set 2014-07-13 120008\Backup Files 2014-07-13 120008\Backup files 105.zip"
sh=D73C070CC2CD8603F7D338474DC5724D28160256 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="B:\{pc}\Backup Set 2014-07-13 120008\Backup Files 2014-07-13 120008\Backup files 106.zip"
sh=AA47BD2D3DEA98B3DC1A5F88EBED12BDEBF4C76E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="B:\{pc}\Backup Set 2014-07-13 120008\Backup Files 2014-07-13 120008\Backup files 118.zip"
sh=30E8AD41548788FCA1BC36930CBC2B704C5229A3 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="B:\{pc}\Backup Set 2014-07-13 120008\Backup Files 2014-07-13 120008\Backup files 27.zip"
         
About the successful ESET scan, I can still report:
Exactly one finding in
C:\Qoobox\Quarantine


Here is the log from Security Scan

Code:
 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (38.0.1) 
 Google Chrome (42.0.2311.152) 
 Google Chrome (43.0.2357.65) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST and Addition follow in the next post

frst
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by {user} (administrator) on {pc} on 25-05-2015 16:04:18
Running from C:\Users\{user}\Desktop
Loaded Profiles: {user} (Available Profiles: {user})
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\xampp\mysql\bin\mysqld.exe
(eTellicom) C:\Program Files (x86)\CommunicationsClients\osoausvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Dyn, Inc.) C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(eTellicom) C:\Program Files (x86)\CommunicationsClients\osoupd.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-06-15] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [CommunicationsClients Auto Update Service] => C:\Program Files (x86)\CommunicationsClients\osoupd.exe [471552 2013-10-03] (eTellicom)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-25] (AMD)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
Startup: C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HFS.lnk [2012-09-23]
ShortcutTarget: HFS.lnk -> C:\hfs.exe (rejetto)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-04-29] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\{user}\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Tcpip\..\Interfaces\{3AEC974B-24E3-4475-83E1-C29A875A9870}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C1CB1CEF-42D9-486D-A6F4-005DFD4EA7BE}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default
FF Homepage: google.de
FF Keyword.URL: https://www.google.de/#output=search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1317513966-3781302880-2816950935-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\gmx-suche.xml [2014-06-25]
FF SearchPlugin: C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\webde-suche.xml [2014-06-25]
FF Extension: Html Validator - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2014-08-15]
FF Extension: Firebug - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-17]
FF Extension: Ghostery - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: FireGestures - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firegestures@xuldev.org.xpi [2012-09-21]
FF Extension: ProxTube - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: JSONView - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\jsonview@brh.numbera.com.xpi [2012-10-13]
FF Extension: Scriptish - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\scriptish@erikvold.com.xpi [2013-12-30]
FF Extension: SQLite Manager - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-01-01]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\toolbar-ff@payback.de.xpi [2015-04-02]
FF Extension: YouTube to MP3 - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-09-17]
FF Extension: Video DownloadHelper - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Web Developer - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-09-17]
FF Extension: Adblock Plus - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Tab Mix Plus - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-09-17]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-17]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Recognize It for Chrome) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclaagbljldlbmihblajinlijckggkea [2012-10-14]
CHR Extension: (Web Developer) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-10-14]
CHR Extension: (YouTube) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-14]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-10-14]
CHR Extension: (Adblock Plus) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-10-14]
CHR Extension: (Google Search) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-14]
CHR Extension: (Tampermonkey) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-30]
CHR Extension: (Postman - REST Client (Packaged App)) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (YouTube to MP3 Converter) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldkainijooolihjoejfnponkcahmkafn [2012-10-14]
CHR Extension: (Refresh Monkey) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2015-05-16]
CHR Extension: (Ghostery) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-14]
CHR Extension: (Gmail) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; c:\xampp\apache\bin\httpd.exe [22016 2012-06-06] (Apache Software Foundation) []
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () []
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2012-09-16] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [1430144 2011-10-06] (ASUSTeK Computer Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) []
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [80032 2011-06-15] (Atheros Commnucations) []
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-16] (Creative Labs) []
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) []
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8180224 2012-06-29] () []
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 OSO Update Service; C:\Program Files (x86)\CommunicationsClients\osoausvc.exe [487936 2013-09-14] (eTellicom) []
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-09-16] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 ocz10xx; C:\Windows\System32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-12-29] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-29] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-12-29] (Acronis International GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:04 - 2015-05-25 16:04 - 00032236 _____ () C:\Users\{user}\Desktop\FRST.txt
2015-05-25 16:03 - 2015-05-25 16:03 - 00000000 ____D () C:\Users\{user}\Desktop\FRST-OlderVersion
2015-05-25 15:55 - 2015-05-25 15:57 - 00000211 _____ () C:\Users\{user}\Desktop\eset.txt
2015-05-25 15:54 - 2015-05-25 15:54 - 00852630 _____ () C:\Users\{user}\Desktop\SecurityCheck.exe
2015-05-25 11:36 - 2015-05-25 11:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-25 11:35 - 2015-05-25 11:35 - 02347384 _____ (ESET) C:\Users\{user}\Desktop\esetsmartinstaller_deu.exe
2015-05-25 10:59 - 2015-05-25 10:59 - 00000000 ___RD () C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-25 09:53 - 2015-05-25 09:53 - 00000131 _____ () C:\Users\{user}\26-2015-05-25.csv
2015-05-25 00:00 - 2015-05-25 00:00 - 00000948 _____ () C:\Users\{user}\26-2015-05-24.csv
2015-05-24 19:08 - 2015-05-24 19:08 - 00000600 _____ () C:\Users\{user}\AppData\Roaming\PUTTY.RND
2015-05-24 15:15 - 2015-05-24 19:09 - 00000600 _____ () C:\Users\{user}\AppData\Local\PUTTY.RND
2015-05-24 10:59 - 2015-05-24 10:59 - 00005646 _____ () C:\Users\{user}\Desktop\JRT.txt
2015-05-24 10:57 - 2015-05-24 10:57 - 00006449 _____ () C:\Users\{user}\Desktop\AdwCleaner[S0].txt
2015-05-24 10:57 - 2015-05-24 10:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-{pc}-Windows-7-Professional-(64-bit).dat
2015-05-24 10:57 - 2015-05-24 10:57 - 00000000 ____D () C:\RegBackup
2015-05-24 10:48 - 2015-05-24 10:51 - 00000000 ____D () C:\AdwCleaner
2015-05-24 10:43 - 2015-05-24 10:45 - 00038416 _____ () C:\Users\{user}\Desktop\mbam.txt
2015-05-24 10:41 - 2015-05-24 10:41 - 02720636 _____ (Thisisu) C:\Users\{user}\Desktop\JRT.exe
2015-05-24 10:41 - 2015-05-24 10:41 - 02222592 _____ () C:\Users\{user}\Desktop\AdwCleaner_4.205.exe
2015-05-24 10:28 - 2015-05-25 10:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 10:28 - 2015-05-24 10:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-24 10:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-24 10:28 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-24 10:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 10:26 - 2015-05-24 10:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\{user}\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-23 10:23 - 2015-05-23 15:16 - 00000250 _____ () C:\Users\{user}\26-2015-05-23.csv
2015-05-23 09:36 - 2015-05-23 10:21 - 00060574 _____ () C:\Users\{user}\Desktop\dreiecke.pptx
2015-05-22 21:49 - 2015-05-23 19:01 - 00000000 ____D () C:\Users\{user}\Desktop\payback
2015-05-22 21:12 - 2015-05-22 21:12 - 00063243 _____ () C:\ComboFix.txt
2015-05-22 21:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-22 21:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-22 21:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-22 20:55 - 2015-05-22 21:12 - 00000000 ____D () C:\Qoobox
2015-05-22 20:55 - 2015-05-22 21:11 - 00000000 ____D () C:\Windows\erdnt
2015-05-22 20:50 - 2015-05-22 20:50 - 05627500 ____R (Swearware) C:\Users\{user}\Desktop\ComboFix.exe
2015-05-22 20:49 - 2015-05-22 21:25 - 00000490 _____ () C:\Users\{user}\26-2015-05-22.csv
2015-05-21 14:36 - 2015-05-21 14:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-21 12:43 - 2015-05-21 12:43 - 00024517 _____ () C:\Users\{user}\Desktop\Gmer_with_devices.txt
2015-05-21 12:38 - 2015-05-21 12:38 - 00024517 _____ () C:\Users\{user}\Desktop\Gmer.txt
2015-05-21 12:16 - 2015-05-21 12:16 - 00380416 _____ () C:\Users\{user}\Desktop\nnzspp5u.exe
2015-05-21 11:09 - 2015-05-21 19:17 - 00001801 _____ () C:\Users\{user}\26-2015-05-21.csv
2015-05-21 10:16 - 2015-05-24 11:03 - 00073346 _____ () C:\Users\{user}\Desktop\FRST_2.txt
2015-05-21 10:16 - 2015-05-21 13:31 - 00060580 _____ () C:\Users\{user}\Desktop\Addition.txt
2015-05-21 10:16 - 2015-05-21 13:11 - 00079302 _____ () C:\Users\{user}\Desktop\FRST_1.txt
2015-05-21 10:15 - 2015-05-25 16:04 - 00000000 ____D () C:\FRST
2015-05-21 10:14 - 2015-05-25 16:03 - 02108416 _____ (Farbar) C:\Users\{user}\Desktop\FRST64.exe
2015-05-21 10:13 - 2015-05-21 12:43 - 00000490 _____ () C:\Users\{user}\Desktop\defogger_disable.log
2015-05-21 10:13 - 2015-05-21 10:13 - 00000000 _____ () C:\Users\{user}\defogger_reenable
2015-05-21 10:12 - 2015-05-21 10:12 - 00050477 _____ () C:\Users\{user}\Desktop\Defogger.exe
2015-05-20 18:43 - 2015-05-20 18:43 - 00042945 _____ () C:\Users\{user}\Desktop\habermann.mw
2015-05-20 13:22 - 2015-05-20 19:23 - 00000741 _____ () C:\Users\{user}\26-2015-05-20.csv
2015-05-19 04:22 - 2015-05-19 21:57 - 00000492 _____ () C:\Users\{user}\26-2015-05-19.csv
2015-05-18 10:27 - 2015-05-18 21:12 - 00001539 _____ () C:\Users\{user}\26-2015-05-18.csv
2015-05-17 12:42 - 2015-05-17 17:00 - 00000363 _____ () C:\Users\{user}\26-2015-05-17.csv
2015-05-17 00:33 - 2015-05-17 20:12 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\KeePass
2015-05-16 22:56 - 2015-05-16 22:56 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-05-16 22:56 - 2015-05-16 22:56 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-05-16 21:35 - 2015-05-16 21:35 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-16 20:15 - 2015-05-21 01:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 01:54 - 2015-05-16 13:55 - 00000250 _____ () C:\Users\{user}\26-2015-05-16.csv
2015-05-16 00:00 - 2015-05-16 00:00 - 00001317 _____ () C:\Users\{user}\26-2015-05-15.csv
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Git
2015-05-15 09:50 - 2015-05-15 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2015-05-14 15:01 - 2015-05-14 21:42 - 00000852 _____ () C:\Users\{user}\26-2015-05-14.csv
2015-05-13 18:13 - 2015-05-13 18:23 - 00001198 _____ () C:\Users\{user}\26-2015-05-13.csv
2015-05-13 03:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:39 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:39 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:39 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:39 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:39 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:39 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:39 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:39 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:39 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:39 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:39 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:39 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:39 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:39 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:39 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:39 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:39 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:39 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:39 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:34 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:34 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:34 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:34 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:34 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:34 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:34 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:34 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:34 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:34 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:34 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:33 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:33 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:33 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:33 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:33 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:32 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 07:33 - 2015-05-12 12:53 - 00000131 _____ () C:\Users\{user}\26-2015-05-12.csv
2015-05-11 06:38 - 2015-05-11 21:07 - 00000611 _____ () C:\Users\{user}\26-2015-05-11.csv
2015-05-09 19:37 - 2015-05-09 19:37 - 00000612 _____ () C:\Users\{user}\26-2015-05-09.csv
2015-05-07 19:33 - 2015-05-07 23:18 - 00001088 _____ () C:\Users\{user}\26-2015-05-07.csv
2015-05-06 11:04 - 2015-05-07 00:00 - 00000735 _____ () C:\Users\{user}\26-2015-05-06.csv
2015-05-05 10:06 - 2015-05-05 10:06 - 00000131 _____ () C:\Users\{user}\26-2015-05-05.csv
2015-05-04 06:56 - 2015-05-04 07:06 - 00000249 _____ () C:\Users\{user}\26-2015-05-04.csv
2015-05-03 20:18 - 2015-05-03 20:18 - 00000720 _____ () C:\Users\{user}\26-2015-05-03.csv
2015-05-02 10:26 - 2015-05-02 15:03 - 00000251 _____ () C:\Users\{user}\26-2015-05-02.csv
2015-05-01 17:12 - 2015-05-01 18:27 - 00000853 _____ () C:\Users\{user}\26-2015-05-01.csv
2015-04-30 18:04 - 2015-04-30 19:15 - 00000250 _____ () C:\Users\{user}\26-2015-04-30.csv
2015-04-29 07:31 - 2015-04-29 19:59 - 00000968 _____ () C:\Users\{user}\26-2015-04-29.csv
2015-04-29 00:00 - 2015-04-29 00:00 - 00001278 _____ () C:\Users\{user}\26-2015-04-28.csv
2015-04-27 06:31 - 2015-04-27 21:41 - 00001777 _____ () C:\Users\{user}\26-2015-04-27.csv
2015-04-26 09:18 - 2015-04-26 19:49 - 00000842 _____ () C:\Users\{user}\26-2015-04-26.csv
2015-04-25 08:35 - 2015-04-25 10:09 - 00000131 _____ () C:\Users\{user}\26-2015-04-25.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:03 - 2012-09-17 16:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 15:58 - 2012-09-16 18:43 - 01670699 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 15:33 - 2012-10-14 17:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 13:31 - 2012-09-17 18:55 - 00000000 ____D () C:\jexepackres
2015-05-25 13:30 - 2012-09-16 18:44 - 00000000 ____D () C:\Users\{user}\AppData\Local\VirtualStore
2015-05-25 11:35 - 2012-09-23 14:42 - 00044285 _____ () C:\Windows\setupact.log
2015-05-25 11:35 - 2011-04-12 09:43 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2015-05-25 11:35 - 2011-04-12 09:43 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2015-05-25 11:35 - 2009-07-14 07:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 11:33 - 2015-04-24 18:26 - 00000000 ____D () C:\Users\{user}\Desktop\et4
2015-05-25 11:07 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 11:07 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 10:59 - 2015-02-13 14:49 - 00000000 ____D () C:\Users\{user}\AppData\Local\TSVNCache
2015-05-25 10:59 - 2014-11-18 13:44 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\Dropbox
2015-05-25 10:59 - 2012-10-14 17:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 10:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 09:53 - 2014-06-25 10:31 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\CC-Cache
2015-05-25 09:53 - 2012-09-16 18:43 - 00000000 ____D () C:\Users\{user}
2015-05-25 09:53 - 2010-12-30 13:19 - 00000000 ____D () C:\Users\{user}\Documents\Outlook-Dateien
2015-05-25 09:28 - 2015-02-13 14:10 - 00000000 ____D () C:\Users\{user}\Desktop\{surname}
2015-05-25 02:00 - 2014-06-26 08:19 - 00000000 ____D () C:\Users\{user}\AppData\Local\Adobe
2015-05-24 10:53 - 2012-10-28 11:07 - 00279152 _____ () C:\Windows\PFRO.log
2015-05-24 10:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-24 10:36 - 2014-02-08 19:40 - 00000000 ____D () C:\Program Files (x86)\AuroraCoin
2015-05-22 21:44 - 2012-12-23 12:41 - 00000000 ____D () C:\Temp
2015-05-22 21:12 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-22 21:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-22 21:09 - 2009-07-14 04:34 - 95158272 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 47448064 _____ () C:\Windows\system32\config\components.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-05-22 12:02 - 2012-09-27 12:00 - 00000203 _____ () C:\Windows\SysWOW64\cookieFileName
2015-05-21 19:17 - 2012-09-29 15:18 - 00000000 ____D () C:\Users\{user}\.jedit
2015-05-21 14:37 - 2012-09-17 21:41 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-21 14:37 - 2012-09-17 21:41 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-21 14:37 - 2012-09-17 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-21 12:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-21 12:33 - 2012-09-16 20:23 - 00000000 ____D () C:\Users\{user}\Documents\Bluetooth Folder
2015-05-21 12:27 - 2012-09-27 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 18:43 - 2012-09-30 15:25 - 00000000 ____D () C:\Users\{user}\.maplesoft
2015-05-17 10:07 - 2012-12-20 21:14 - 00000132 _____ () C:\Users\{user}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-05-17 03:28 - 2012-10-14 17:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:28 - 2012-10-14 17:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 16:06 - 2014-08-24 13:29 - 00001456 _____ () C:\Users\{user}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-05-16 01:59 - 2012-09-23 21:32 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\vlc
2015-05-15 13:09 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\npm-cache
2015-05-15 12:38 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\npm
2015-05-15 09:50 - 2013-08-18 11:40 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2015-05-14 14:13 - 2013-07-17 14:17 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\TeamViewer
2015-05-13 04:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:25 - 2012-09-23 14:42 - 05333536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:24 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 03:08 - 2012-09-17 17:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:07 - 2012-09-16 19:37 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:07 - 2012-09-16 19:37 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:06 - 2013-07-25 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:03 - 2012-09-16 19:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:01 - 2012-09-16 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 20:43 - 2014-11-18 13:45 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-09 17:35 - 2012-09-16 20:53 - 00000000 ____D () C:\Users\{user}\AppData\Local\CrashDumps
2015-04-25 12:50 - 2013-10-26 11:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-25 12:49 - 2013-07-22 19:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-25 12:49 - 2012-09-17 16:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-25 09:56 - 2014-11-02 19:39 - 00004736 ____H () C:\Users\{user}\_viminfo
2015-04-25 00:00 - 2015-04-24 07:09 - 00001079 _____ () C:\Users\{user}\26-2015-04-24.csv

==================== Files in the root of some directories =======

2012-12-20 21:14 - 2015-05-17 10:07 - 0000132 _____ () C:\Users\{user}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-17 20:28 - 2013-07-17 21:27 - 0000116 _____ () C:\Users\{user}\AppData\Roaming\Camdata.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{user}\AppData\Roaming\CamLayout.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{user}\AppData\Roaming\CamShapes.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0004520 _____ () C:\Users\{user}\AppData\Roaming\CamStudio.cfg
2015-05-24 19:08 - 2015-05-24 19:08 - 0000600 _____ () C:\Users\{user}\AppData\Roaming\PUTTY.RND
2014-08-24 13:29 - 2015-05-16 16:06 - 0001456 _____ () C:\Users\{user}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-07-17 17:51 - 2015-04-05 12:04 - 0006144 _____ () C:\Users\{user}\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-24 15:15 - 2015-05-24 19:09 - 0000600 _____ () C:\Users\{user}\AppData\Local\PUTTY.RND
2013-08-25 19:05 - 2013-08-25 19:05 - 0002286 _____ () C:\Users\{user}\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\{user}\AppData\Local\setup.txt
2013-12-23 22:13 - 2013-12-23 22:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-10 11:33 - 2013-03-10 11:33 - 0001534 _____ () C:\ProgramData\ss.ini
2010-01-14 15:01 - 2010-01-14 15:01 - 0000235 _____ () C:\ProgramData\UDATHXD.ini

Files to move or delete:
====================
C:\Users\{user}\appnimi-pdf-unlocker.dat


Some files in TEMP:
====================
C:\Users\{user}\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmjq2fe.dll
C:\Users\{user}\AppData\Local\Temp\Quarantine.exe
C:\Users\{user}\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:56

==================== End of log ============================
         

25.05.2015, 15:17   #12
Johannes85

Picexa.exe / Search provider changed in browsers (Delta-Homes)



frst
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by {user} (administrator) on {pc} on 25-05-2015 16:04:18
Running from C:\Users\{user}\Desktop
Loaded Profiles: {user} (Available Profiles: {user})
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\xampp\mysql\bin\mysqld.exe
(eTellicom) C:\Program Files (x86)\CommunicationsClients\osoausvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Dyn, Inc.) C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(eTellicom) C:\Program Files (x86)\CommunicationsClients\osoupd.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-06-15] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [CommunicationsClients Auto Update Service] => C:\Program Files (x86)\CommunicationsClients\osoupd.exe [471552 2013-10-03] (eTellicom)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-25] (AMD)
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
Startup: C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HFS.lnk [2012-09-23]
ShortcutTarget: HFS.lnk -> C:\hfs.exe (rejetto)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} =>  No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-04-29] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\{user}\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Tcpip\..\Interfaces\{3AEC974B-24E3-4475-83E1-C29A875A9870}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C1CB1CEF-42D9-486D-A6F4-005DFD4EA7BE}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default
FF Homepage: google.de
FF Keyword.URL: https://www.google.de/#output=search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1317513966-3781302880-2816950935-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\gmx-suche.xml [2014-06-25]
FF SearchPlugin: C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\searchplugins\webde-suche.xml [2014-06-25]
FF Extension: Html Validator - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2014-08-15]
FF Extension: Firebug - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-17]
FF Extension: Ghostery - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: FireGestures - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\firegestures@xuldev.org.xpi [2012-09-21]
FF Extension: ProxTube - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: JSONView - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\jsonview@brh.numbera.com.xpi [2012-10-13]
FF Extension: Scriptish - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\scriptish@erikvold.com.xpi [2013-12-30]
FF Extension: SQLite Manager - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-01-01]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\toolbar-ff@payback.de.xpi [2015-04-02]
FF Extension: YouTube to MP3 - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\youtube2mp3@mondayx.de.xpi [2012-09-17]
FF Extension: Video DownloadHelper - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Web Developer - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-09-17]
FF Extension: Adblock Plus - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Tab Mix Plus - C:\Users\{user}\AppData\Roaming\Mozilla\Firefox\Profiles\psv85u7d.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-09-17]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-17]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Recognize It for Chrome) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclaagbljldlbmihblajinlijckggkea [2012-10-14]
CHR Extension: (Web Developer) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-10-14]
CHR Extension: (YouTube) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-14]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-10-14]
CHR Extension: (Adblock Plus) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-10-14]
CHR Extension: (Google Search) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-14]
CHR Extension: (Tampermonkey) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-30]
CHR Extension: (Postman - REST Client (Packaged App)) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (YouTube to MP3 Converter) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldkainijooolihjoejfnponkcahmkafn [2012-10-14]
CHR Extension: (Refresh Monkey) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2015-05-16]
CHR Extension: (Ghostery) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-14]
CHR Extension: (Gmail) - C:\Users\{user}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; c:\xampp\apache\bin\httpd.exe [22016 2012-06-06] (Apache Software Foundation) []
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () []
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2012-09-16] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.11\AsusFanControlService.exe [1430144 2011-10-06] (ASUSTeK Computer Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) []
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [80032 2011-06-15] (Atheros Commnucations) []
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-16] (Creative Labs) []
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) []
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8180224 2012-06-29] () []
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 OSO Update Service; C:\Program Files (x86)\CommunicationsClients\osoausvc.exe [487936 2013-09-14] (eTellicom) []
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [62976 2014-11-13] (Advanced Card Systems Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-09-16] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 ocz10xx; C:\Windows\System32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-12-29] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-12-29] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-12-29] (Acronis International GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:04 - 2015-05-25 16:04 - 00032236 _____ () C:\Users\{user}\Desktop\FRST.txt
2015-05-25 16:03 - 2015-05-25 16:03 - 00000000 ____D () C:\Users\{user}\Desktop\FRST-OlderVersion
2015-05-25 15:55 - 2015-05-25 15:57 - 00000211 _____ () C:\Users\{user}\Desktop\eset.txt
2015-05-25 15:54 - 2015-05-25 15:54 - 00852630 _____ () C:\Users\{user}\Desktop\SecurityCheck.exe
2015-05-25 11:36 - 2015-05-25 11:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-25 11:35 - 2015-05-25 11:35 - 02347384 _____ (ESET) C:\Users\{user}\Desktop\esetsmartinstaller_deu.exe
2015-05-25 10:59 - 2015-05-25 10:59 - 00000000 ___RD () C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-25 09:53 - 2015-05-25 09:53 - 00000131 _____ () C:\Users\{user}\26-2015-05-25.csv
2015-05-25 00:00 - 2015-05-25 00:00 - 00000948 _____ () C:\Users\{user}\26-2015-05-24.csv
2015-05-24 19:08 - 2015-05-24 19:08 - 00000600 _____ () C:\Users\{user}\AppData\Roaming\PUTTY.RND
2015-05-24 15:15 - 2015-05-24 19:09 - 00000600 _____ () C:\Users\{user}\AppData\Local\PUTTY.RND
2015-05-24 10:59 - 2015-05-24 10:59 - 00005646 _____ () C:\Users\{user}\Desktop\JRT.txt
2015-05-24 10:57 - 2015-05-24 10:57 - 00006449 _____ () C:\Users\{user}\Desktop\AdwCleaner[S0].txt
2015-05-24 10:57 - 2015-05-24 10:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-{pc}-Windows-7-Professional-(64-bit).dat
2015-05-24 10:57 - 2015-05-24 10:57 - 00000000 ____D () C:\RegBackup
2015-05-24 10:48 - 2015-05-24 10:51 - 00000000 ____D () C:\AdwCleaner
2015-05-24 10:43 - 2015-05-24 10:45 - 00038416 _____ () C:\Users\{user}\Desktop\mbam.txt
2015-05-24 10:41 - 2015-05-24 10:41 - 02720636 _____ (Thisisu) C:\Users\{user}\Desktop\JRT.exe
2015-05-24 10:41 - 2015-05-24 10:41 - 02222592 _____ () C:\Users\{user}\Desktop\AdwCleaner_4.205.exe
2015-05-24 10:28 - 2015-05-25 10:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 10:28 - 2015-05-24 10:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 10:28 - 2015-05-24 10:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-24 10:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-24 10:28 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-24 10:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 10:26 - 2015-05-24 10:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\{user}\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-23 10:23 - 2015-05-23 15:16 - 00000250 _____ () C:\Users\{user}\26-2015-05-23.csv
2015-05-23 09:36 - 2015-05-23 10:21 - 00060574 _____ () C:\Users\{user}\Desktop\dreiecke.pptx
2015-05-22 21:49 - 2015-05-23 19:01 - 00000000 ____D () C:\Users\{user}\Desktop\payback
2015-05-22 21:12 - 2015-05-22 21:12 - 00063243 _____ () C:\ComboFix.txt
2015-05-22 21:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-22 21:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-22 21:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-22 21:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-22 20:55 - 2015-05-22 21:12 - 00000000 ____D () C:\Qoobox
2015-05-22 20:55 - 2015-05-22 21:11 - 00000000 ____D () C:\Windows\erdnt
2015-05-22 20:50 - 2015-05-22 20:50 - 05627500 ____R (Swearware) C:\Users\{user}\Desktop\ComboFix.exe
2015-05-22 20:49 - 2015-05-22 21:25 - 00000490 _____ () C:\Users\{user}\26-2015-05-22.csv
2015-05-21 14:36 - 2015-05-21 14:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-21 12:43 - 2015-05-21 12:43 - 00024517 _____ () C:\Users\{user}\Desktop\Gmer_with_devices.txt
2015-05-21 12:38 - 2015-05-21 12:38 - 00024517 _____ () C:\Users\{user}\Desktop\Gmer.txt
2015-05-21 12:16 - 2015-05-21 12:16 - 00380416 _____ () C:\Users\{user}\Desktop\nnzspp5u.exe
2015-05-21 11:09 - 2015-05-21 19:17 - 00001801 _____ () C:\Users\{user}\26-2015-05-21.csv
2015-05-21 10:16 - 2015-05-24 11:03 - 00073346 _____ () C:\Users\{user}\Desktop\FRST_2.txt
2015-05-21 10:16 - 2015-05-21 13:31 - 00060580 _____ () C:\Users\{user}\Desktop\Addition.txt
2015-05-21 10:16 - 2015-05-21 13:11 - 00079302 _____ () C:\Users\{user}\Desktop\FRST_1.txt
2015-05-21 10:15 - 2015-05-25 16:04 - 00000000 ____D () C:\FRST
2015-05-21 10:14 - 2015-05-25 16:03 - 02108416 _____ (Farbar) C:\Users\{user}\Desktop\FRST64.exe
2015-05-21 10:13 - 2015-05-21 12:43 - 00000490 _____ () C:\Users\{user}\Desktop\defogger_disable.log
2015-05-21 10:13 - 2015-05-21 10:13 - 00000000 _____ () C:\Users\{user}\defogger_reenable
2015-05-21 10:12 - 2015-05-21 10:12 - 00050477 _____ () C:\Users\{user}\Desktop\Defogger.exe
2015-05-20 18:43 - 2015-05-20 18:43 - 00042945 _____ () C:\Users\{user}\Desktop\habermann.mw
2015-05-20 13:22 - 2015-05-20 19:23 - 00000741 _____ () C:\Users\{user}\26-2015-05-20.csv
2015-05-19 04:22 - 2015-05-19 21:57 - 00000492 _____ () C:\Users\{user}\26-2015-05-19.csv
2015-05-18 10:27 - 2015-05-18 21:12 - 00001539 _____ () C:\Users\{user}\26-2015-05-18.csv
2015-05-17 12:42 - 2015-05-17 17:00 - 00000363 _____ () C:\Users\{user}\26-2015-05-17.csv
2015-05-17 00:33 - 2015-05-17 20:12 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\KeePass
2015-05-16 22:56 - 2015-05-16 22:56 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-05-16 22:56 - 2015-05-16 22:56 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-05-16 21:35 - 2015-05-16 21:35 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-16 20:15 - 2015-05-21 01:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 01:54 - 2015-05-16 13:55 - 00000250 _____ () C:\Users\{user}\26-2015-05-16.csv
2015-05-16 00:00 - 2015-05-16 00:00 - 00001317 _____ () C:\Users\{user}\26-2015-05-15.csv
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-05-15 12:43 - 2015-05-15 12:43 - 00000000 ____D () C:\Program Files (x86)\Git
2015-05-15 09:50 - 2015-05-15 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2015-05-14 15:01 - 2015-05-14 21:42 - 00000852 _____ () C:\Users\{user}\26-2015-05-14.csv
2015-05-13 18:13 - 2015-05-13 18:23 - 00001198 _____ () C:\Users\{user}\26-2015-05-13.csv
2015-05-13 03:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:39 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:39 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:39 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:39 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:39 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:39 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:39 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:39 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:39 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:39 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:39 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:39 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:39 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:39 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:39 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:39 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:39 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:39 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:39 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:39 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:39 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:39 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:39 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:39 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:39 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:39 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:39 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:39 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:39 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:39 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:39 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:39 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:39 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:39 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:39 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:39 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:39 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:39 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:34 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:34 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:34 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:34 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:34 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:34 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:34 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:34 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:34 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:34 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:34 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:34 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:34 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:34 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:34 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:34 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:34 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:34 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:34 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:34 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:34 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:33 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:33 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:33 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:33 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:33 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:32 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:32 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:32 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 07:33 - 2015-05-12 12:53 - 00000131 _____ () C:\Users\{user}\26-2015-05-12.csv
2015-05-11 06:38 - 2015-05-11 21:07 - 00000611 _____ () C:\Users\{user}\26-2015-05-11.csv
2015-05-09 19:37 - 2015-05-09 19:37 - 00000612 _____ () C:\Users\{user}\26-2015-05-09.csv
2015-05-07 19:33 - 2015-05-07 23:18 - 00001088 _____ () C:\Users\{user}\26-2015-05-07.csv
2015-05-06 11:04 - 2015-05-07 00:00 - 00000735 _____ () C:\Users\{user}\26-2015-05-06.csv
2015-05-05 10:06 - 2015-05-05 10:06 - 00000131 _____ () C:\Users\{user}\26-2015-05-05.csv
2015-05-04 06:56 - 2015-05-04 07:06 - 00000249 _____ () C:\Users\{user}\26-2015-05-04.csv
2015-05-03 20:18 - 2015-05-03 20:18 - 00000720 _____ () C:\Users\{user}\26-2015-05-03.csv
2015-05-02 10:26 - 2015-05-02 15:03 - 00000251 _____ () C:\Users\{user}\26-2015-05-02.csv
2015-05-01 17:12 - 2015-05-01 18:27 - 00000853 _____ () C:\Users\{user}\26-2015-05-01.csv
2015-04-30 18:04 - 2015-04-30 19:15 - 00000250 _____ () C:\Users\{user}\26-2015-04-30.csv
2015-04-29 07:31 - 2015-04-29 19:59 - 00000968 _____ () C:\Users\{user}\26-2015-04-29.csv
2015-04-29 00:00 - 2015-04-29 00:00 - 00001278 _____ () C:\Users\{user}\26-2015-04-28.csv
2015-04-27 06:31 - 2015-04-27 21:41 - 00001777 _____ () C:\Users\{user}\26-2015-04-27.csv
2015-04-26 09:18 - 2015-04-26 19:49 - 00000842 _____ () C:\Users\{user}\26-2015-04-26.csv
2015-04-25 08:35 - 2015-04-25 10:09 - 00000131 _____ () C:\Users\{user}\26-2015-04-25.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:03 - 2012-09-17 16:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 15:58 - 2012-09-16 18:43 - 01670699 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 15:33 - 2012-10-14 17:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 13:31 - 2012-09-17 18:55 - 00000000 ____D () C:\jexepackres
2015-05-25 13:30 - 2012-09-16 18:44 - 00000000 ____D () C:\Users\{user}\AppData\Local\VirtualStore
2015-05-25 11:35 - 2012-09-23 14:42 - 00044285 _____ () C:\Windows\setupact.log
2015-05-25 11:35 - 2011-04-12 09:43 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2015-05-25 11:35 - 2011-04-12 09:43 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2015-05-25 11:35 - 2009-07-14 07:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 11:33 - 2015-04-24 18:26 - 00000000 ____D () C:\Users\{user}\Desktop\et4
2015-05-25 11:07 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 11:07 - 2009-07-14 06:45 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 10:59 - 2015-02-13 14:49 - 00000000 ____D () C:\Users\{user}\AppData\Local\TSVNCache
2015-05-25 10:59 - 2014-11-18 13:44 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\Dropbox
2015-05-25 10:59 - 2012-10-14 17:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 10:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 09:53 - 2014-06-25 10:31 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\CC-Cache
2015-05-25 09:53 - 2012-09-16 18:43 - 00000000 ____D () C:\Users\{user}
2015-05-25 09:53 - 2010-12-30 13:19 - 00000000 ____D () C:\Users\{user}\Documents\Outlook-Dateien
2015-05-25 09:28 - 2015-02-13 14:10 - 00000000 ____D () C:\Users\{user}\Desktop\{surname}
2015-05-25 02:00 - 2014-06-26 08:19 - 00000000 ____D () C:\Users\{user}\AppData\Local\Adobe
2015-05-24 10:53 - 2012-10-28 11:07 - 00279152 _____ () C:\Windows\PFRO.log
2015-05-24 10:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-24 10:36 - 2014-02-08 19:40 - 00000000 ____D () C:\Program Files (x86)\AuroraCoin
2015-05-22 21:44 - 2012-12-23 12:41 - 00000000 ____D () C:\Temp
2015-05-22 21:12 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-22 21:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-22 21:09 - 2009-07-14 04:34 - 95158272 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 47448064 _____ () C:\Windows\system32\config\components.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-05-22 21:09 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-05-22 12:02 - 2012-09-27 12:00 - 00000203 _____ () C:\Windows\SysWOW64\cookieFileName
2015-05-21 19:17 - 2012-09-29 15:18 - 00000000 ____D () C:\Users\{user}\.jedit
2015-05-21 14:37 - 2012-09-17 21:41 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-21 14:37 - 2012-09-17 21:41 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-21 14:37 - 2012-09-17 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-21 12:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-21 12:33 - 2012-09-16 20:23 - 00000000 ____D () C:\Users\{user}\Documents\Bluetooth Folder
2015-05-21 12:27 - 2012-09-27 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 18:43 - 2012-09-30 15:25 - 00000000 ____D () C:\Users\{user}\.maplesoft
2015-05-17 10:07 - 2012-12-20 21:14 - 00000132 _____ () C:\Users\{user}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-05-17 03:28 - 2012-10-14 17:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:28 - 2012-10-14 17:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 16:06 - 2014-08-24 13:29 - 00001456 _____ () C:\Users\{user}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-05-16 01:59 - 2012-09-23 21:32 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\vlc
2015-05-15 13:09 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\npm-cache
2015-05-15 12:38 - 2013-08-18 19:30 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\npm
2015-05-15 09:50 - 2013-08-18 11:40 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2015-05-14 14:13 - 2013-07-17 14:17 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\TeamViewer
2015-05-13 04:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:25 - 2012-09-23 14:42 - 05333536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:25 - 2012-09-16 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:24 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 03:08 - 2012-09-17 17:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:07 - 2012-09-16 19:37 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:07 - 2012-09-16 19:37 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:07 - 2012-09-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:06 - 2013-07-25 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:03 - 2012-09-16 19:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:01 - 2012-09-16 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 20:43 - 2014-11-18 13:45 - 00000000 ____D () C:\Users\{user}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-09 17:35 - 2012-09-16 20:53 - 00000000 ____D () C:\Users\{user}\AppData\Local\CrashDumps
2015-04-25 12:50 - 2013-10-26 11:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-25 12:49 - 2013-07-22 19:46 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-25 12:49 - 2012-09-17 16:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-25 09:56 - 2014-11-02 19:39 - 00004736 ____H () C:\Users\{user}\_viminfo
2015-04-25 00:00 - 2015-04-24 07:09 - 00001079 _____ () C:\Users\{user}\26-2015-04-24.csv

==================== Files in the root of some directories =======

2012-12-20 21:14 - 2015-05-17 10:07 - 0000132 _____ () C:\Users\{user}\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-17 20:28 - 2013-07-17 21:27 - 0000116 _____ () C:\Users\{user}\AppData\Roaming\Camdata.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{user}\AppData\Roaming\CamLayout.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0000408 _____ () C:\Users\{user}\AppData\Roaming\CamShapes.ini
2013-07-17 20:28 - 2013-07-17 21:27 - 0004520 _____ () C:\Users\{user}\AppData\Roaming\CamStudio.cfg
2015-05-24 19:08 - 2015-05-24 19:08 - 0000600 _____ () C:\Users\{user}\AppData\Roaming\PUTTY.RND
2014-08-24 13:29 - 2015-05-16 16:06 - 0001456 _____ () C:\Users\{user}\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-07-17 17:51 - 2015-04-05 12:04 - 0006144 _____ () C:\Users\{user}\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-24 15:15 - 2015-05-24 19:09 - 0000600 _____ () C:\Users\{user}\AppData\Local\PUTTY.RND
2013-08-25 19:05 - 2013-08-25 19:05 - 0002286 _____ () C:\Users\{user}\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\{user}\AppData\Local\setup.txt
2013-12-23 22:13 - 2013-12-23 22:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-10 11:33 - 2013-03-10 11:33 - 0001534 _____ () C:\ProgramData\ss.ini
2010-01-14 15:01 - 2010-01-14 15:01 - 0000235 _____ () C:\ProgramData\UDATHXD.ini

Files to move or delete:
====================
C:\Users\{user}\appnimi-pdf-unlocker.dat


Some files in TEMP:
====================
C:\Users\{user}\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmjq2fe.dll
C:\Users\{user}\AppData\Local\Temp\Quarantine.exe
C:\Users\{user}\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:56

==================== End of log ============================
         

25.05.2015, 15:23   #13
Johannes85

Picexa.exe / Search provider changed in browsers (Delta-Homes)


addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by {user} at 2015-05-25 16:04:37
Running from C:\Users\{user}\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1317513966-3781302880-2816950935-500 - Administrator - Disabled)
Backup User (S-1-5-21-1317513966-3781302880-2816950935-1002 - Limited - Enabled)
Gast (S-1-5-21-1317513966-3781302880-2816950935-501 - Limited - Disabled)
{user} (S-1-5-21-1317513966-3781302880-2816950935-1000 - Administrator - Enabled) => C:\Users\{user}

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte voor buitenlandse belastingplichtigen 2014 (HKLM-x32\...\Aangifte voor buitenlandse belastingplichtigen 2014) (Version:  - Belastingdienst)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Acronis True Image 2014 Media Add-on (HKLM-x32\...\{D9CB9C60-DA08-49E7-BA08-2C864D17A3D1}) (Version: 17.0.6614 - Acronis)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.16 - ASUSTeK Computer Inc.)
Air Video Server 2.4.3 (HKLM-x32\...\Air Video Server) (Version: 2.4.3 - InMethod, s.r.o.)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (x32 Version: 2.0.4331.36041 - Ihr Firmenname) Hidden
ARTS PDF Aerialist 1.2.2.2 (HKLM-x32\...\ARTS PDF Aerialist 1.2.2.2) (Version: 1.2.2.2 - ARTS PDF)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AusweisApp2 (HKLM-x32\...\{51F89243-B40E-470B-9B9D-ADD19B344E55}) (Version: 1.2.0 - Governikus GmbH & Co. KG)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
AviSplit Classic Version 1.43 (HKLM-x32\...\AviSplit Classic (Freeware)_is1) (Version:  - Bobyte software)
Backuptrans iPhone SMS Backup & Restore 2.13.01 (HKLM-x32\...\Backuptrans iPhone SMS Backup & Restore) (Version: 2.13.01 - Backuptrans)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.85 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre 64bit (HKLM\...\{1BC00DD4-173E-4325-BDB7-48A076DFC1EF}) (Version: 1.29.0 - Kovid Goyal)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
CommunicationsClients (HKLM-x32\...\{65B40D5A-4F5A-417E-981C-1AF942463BEF}) (Version: 4.1.46 - Communications Clients)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.4.0 - oldsch00l)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Dropbox (HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Dyn Updater (HKLM-x32\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
EPS Viewer (HKLM-x32\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version:  - IdeaMK)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FileMaker Pro 8.5 (HKLM-x32\...\{34F3877C-6399-4A89-98FD-C3FE32EEE25C}) (Version: 8.5.2.0 - FileMaker, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.4.719 - Foxit Corporation)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter Version 4.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.2 - Ellora Assets Corporation)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
GnuWin32: LibArchive-2.4.12-1 (HKLM-x32\...\LibArchive-2.4.12-1_is1) (Version: 2.4.12-1 - GnuWin32)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HiPath 3000 Manager E  70.50.401.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Power Advisor (HKLM-x32\...\{DFB435B0-5F4A-4556-BBC9-A062AF526F59}) (Version: 6.2.0 - Hewlett-Packard Company)
HP Sizing Tool Update Components (HKLM-x32\...\{BC9A4617-6F5A-45D0-9947-05258AAE924A}) (Version: 11.7.0 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
Intel(R) Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
ISO2Disc 1.05 (HKLM-x32\...\ISO2Disc_is1) (Version:  - Top Password Software, Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
jEdit 4.5.2 (HKLM\...\jEdit_is1) (Version: 4.5.2 - Contributors)
JetBrains PhpStorm 141.1000 (HKLM-x32\...\PhpStorm 141.1000) (Version: 141.1000 - JetBrains s.r.o.)
JustCloud  (HKLM\...\JustCloud) (Version:  - JustCloud)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Maple 16 (HKLM\...\Maple 16) (Version:  - Maplesoft)
Maple 16 (HKLM-x32\...\Maple 16) (Version: 16.0.0.0 - Maplesoft)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Miro Video Converter (HKLM-x32\...\Miro Video Converter) (Version: 0.8.0 - Participatory Culture Foundation)
Mozilla Firefox 17.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.4 (x86 de)) (Version: 17.0.4 - Mozilla)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myo Connect (HKLM-x32\...\Thalmic Labs Myo Connect) (Version: 0.5.1 - Thalmic Labs)
MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation)
Node.js (HKLM\...\{862C0963-2F76-4BAA-B219-360DD390C85F}) (Version: 0.12.0 - Joyent, Inc. and other Node contributors)
NSIS Example2 (HKLM-x32\...\AuroraCoin) (Version:  - )
NX Client for Windows 3.5.0-9 (HKLM-x32\...\nxclient_is1) (Version: 3.5.0-9 - NoMachine)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oscars Renamer PRO version 2.0.1 (HKLM-x32\...\{F011DFCF-9A61-491F-AB3C-F141FF0A88C5}_is1) (Version: 2.0.1 - Mediachance.com)
Passware Kit - 5.0.0 (HKLM-x32\...\Passware Kit - 5.0.0) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidSVN-0.12.1 (HKLM-x32\...\RapidSVN-0.12.1_is1) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secure Download Manager (HKLM-x32\...\{1FED7EA0-9369-4E63-81BB-511F93441456}) (Version: 3.1.50 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
Stellarium 0.13.2 (HKLM\...\Stellarium_is1) (Version: 0.13.2 - Stellarium team)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
TortoiseSVN 1.8.10.26129 (64 bit) (HKLM\...\{A9E679EC-8FD4-49D8-A5A5-ACE462515A9E}) (Version: 1.8.26129 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 - Ghisler Software GmbH)
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
UltraVnc (HKLM-x32\...\Ultravnc_is1) (Version: 1.1.0 - uvnc bvba)
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version:  - )
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows-Treiberpaket - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (08/20/2012 1.0.0000.00000) (HKLM\...\289137531F7C014BF296EFFBFC7E3748A293FEE9) (Version: 08/20/2012 1.0.0000.00000 - Amazon.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.10.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, hxxp://www.wireshark.org)
wx-devcpp 6.10.2 (4.9.9.2) (HKLM-x32\...\wx-devcpp) (Version:  - )
XAMPP 1.8.0 (HKLM-x32\...\xampp) (Version:  - )
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\{user}\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-05-2015 03:00:10 Windows Update
24-05-2015 12:00:22 Windows-Sicherung
25-05-2015 11:10:05 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-22 21:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015976DA-C993-4DF6-8B8E-3B32D4A87C55} - System32\Tasks\{642F4CBC-71DF-4E7E-BB6C-21F78F5F78ED} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {0BE888DB-D21C-49BF-A3E0-7AD32A1A0098} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {12D6E77E-FFD1-4AEA-96C8-AC20BFB94FE6} - System32\Tasks\{7074D61B-26D4-455E-8F70-B136C175F4A0} => C:\Program Files (x86)\Network Notepad\netpad.exe
Task: {1551C0E1-70C3-4CB2-A544-9858D6633AF8} - System32\Tasks\Zählerstand C220 abfragen => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {1F4881F4-610E-4C13-B948-193246DEE430} - System32\Tasks\Zählerstand C360 abfragen => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {21C46FB2-E128-49A8-88D0-F58E9C32C16E} - System32\Tasks\Aktien => cmd.exe /c"C:\xampp\htdocs\aktien\nightly.cmd"
Task: {2D4C5652-DBB0-4367-984D-ACD8F480FF04} - System32\Tasks\{3E6B010C-6B3C-494B-B88E-F28439007BA9} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {35C8F96B-850F-4D54-830D-C5EC9D25E2F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43BC16C5-3C54-438B-82A0-7E8CF2231D03} - System32\Tasks\{660951AA-D8E7-48B7-87AD-0AB6D72BB6CA} => C:\Program Files (x86)\WorldOfGoo\WorldOfGoo.exe [2008-11-14] ()
Task: {5675C82D-AABF-4B3B-BF50-17B623429A48} - System32\Tasks\{E8E3D630-9AAB-4CEA-A070-54791364E6FD} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {686C2714-0C0E-493A-A0F0-230676A87847} - System32\Tasks\{DB5D777B-7E6F-4051-8403-95FCF90897C4} => pcalua.exe -a "C:\Program Files (x86)\Maple\Uninstall\Uninstall Maple 9.exe"
Task: {6AE3822B-D10C-4057-BE24-5C76FE96E71F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {75462D49-5223-43B7-8FA4-BE95A4FA9C38} - System32\Tasks\Zählerstand P951 abfragen => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {7772BAC0-AE14-4A70-A3C2-CD81769FBAFE} - System32\Tasks\{F0221D7C-20E9-4041-B682-BF1CD4E869C3} => pcalua.exe -a "C:\Users\{user}\Desktop\maple 8 - fullversion - serial\Windows\Windows\WindowsSetup.exe" -d "C:\Users\{user}\Desktop\maple 8 - fullversion - serial\Windows\Windows"
Task: {781588CA-D92D-4349-9D7F-24282A237906} - System32\Tasks\{FD90D8ED-0AC4-4F82-B2FD-7A36676617B6} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {89FA3568-0989-40FF-874A-3D24B819CB36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {974505E9-AD2C-4BB8-A521-C748C1049560} - System32\Tasks\Rechnung => C:\xampp\php\php.exe [2012-06-13] (The PHP Group)
Task: {A4DADEB8-3B52-4D8E-AB62-3AAEDDC37947} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {A8BC3F37-DC96-4ED5-A21B-CC81CD1F6534} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {AB57A58E-6A40-4996-98A0-976AD6233AD3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AECFDE29-F611-4423-BF68-2AD6F8DD90DB} - System32\Tasks\AdobeAAMUpdater-1.0-{pc}-{user} => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {B67448E3-3A12-40E9-A8E1-79E8D0E2F793} - System32\Tasks\{09046B1B-8B4B-4090-AEED-C6A06394543C} => C:\Users\{user}\Desktop\OJ8600_Basicx86_1315.exe
Task: {D4F2FF0E-2A0F-4BE9-BE40-797A44D68CFB} - System32\Tasks\{FAACFEFE-BF7D-4409-AE85-44C584FC62BD} => pcalua.exe -a "C:\Users\{user}\Desktop\maple\Windows\Windows\WindowsSetup.exe" -d "C:\Users\{user}\Desktop\maple\Windows\Windows"
Task: {D6E13892-BEC0-4275-BED4-3658348ACAAA} - System32\Tasks\{B0B07D09-C939-4517-9539-4CB8996677B1} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {E268E5AB-D7C2-4E64-9457-9C46EC5D3C3D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {E4155F56-447A-4DD1-989D-2952E7B537F7} - System32\Tasks\{7DB68139-FB61-4A68-8808-FCECCF217875} => C:\Program Files (x86)\Maple\bin.win\maplew9.exe
Task: {EAA86364-3F48-4C6B-8177-2DD091661D45} - System32\Tasks\{B01C8AD2-AF1F-4C77-AC9A-ED4BF5BFA4DF} => C:\Program Files (x86)\WorldOfGoo\WorldOfGoo.exe [2008-11-14] ()
Task: {FDC329F7-E5ED-480D-AEC6-651F14FB8DD3} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-10 09:14 - 2013-03-23 15:51 - 00015360 _____ () C:\Windows\System32\KOAZ8A_L.DLL
2015-02-12 13:22 - 2015-02-12 13:22 - 00086016 _____ () C:\Windows\SysWOW64\redmonnt.dll
2012-06-29 15:59 - 2012-06-29 15:59 - 08180224 _____ () c:\xampp\mysql\bin\mysqld.exe
2014-12-17 22:31 - 2014-12-17 22:31 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-12-17 22:30 - 2014-12-17 22:30 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-10-01 11:32 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2011-10-29 03:59 - 2011-10-29 03:59 - 00918448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2012-05-10 15:16 - 2012-05-10 15:16 - 00108032 _____ () c:\xampp\apache\bin\pcre.dll
2012-06-06 14:30 - 2012-06-06 14:30 - 00067072 _____ () c:\xampp\apache\bin\zlib1.dll
2012-06-14 19:21 - 2012-06-14 19:21 - 00025088 _____ () C:\xampp\php\php5apache2_4.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-10 15:17 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2012-05-10 15:16 - 2012-05-10 15:16 - 00108032 _____ () C:\xampp\apache\bin\pcre.dll
2012-06-06 14:30 - 2012-06-06 14:30 - 00067072 _____ () C:\xampp\apache\bin\zlib1.dll
2012-09-16 19:41 - 2007-09-13 18:05 - 00002560 _____ () C:\Windows\system32\CTXFIGER.DLL
2015-04-30 00:16 - 2015-04-30 00:16 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-02-04 19:25 - 2014-02-04 19:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 13:02 - 2013-10-10 13:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2012-09-16 19:42 - 2009-10-02 16:07 - 00176128 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2012-09-16 21:05 - 2015-05-25 10:59 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2012-09-16 20:50 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2015-02-11 18:28 - 2015-02-11 18:28 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\bc9bcf53b97e0180a22783ef8b2567c2\PSIClient.ni.dll
2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-12-17 21:53 - 2014-12-17 21:53 - 00065792 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-12-17 21:53 - 2014-12-17 21:53 - 00071936 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\...\127.0.0.1 -> hxxp://127.0.0.1


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1317513966-3781302880-2816950935-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS ShellProcess Execute => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
MSCONFIG\startupreg: Myo Connect => "C:\Program Files (x86)\Thalmic Labs\Myo Connect\Myo Connect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E6CE692F-0152-43F2-A651-60AA28D47E77}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
FirewallRules: [{B61E6549-2C65-43D1-AB0F-D08CB1E322C6}] => (Allow) LPort=5900
FirewallRules: [{C0B81259-3817-4C70-90A3-4C30AEDC5C5A}] => (Allow) LPort=5800
FirewallRules: [{74EB7205-1515-454F-807B-F0EC030CE85B}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{CACA6FF3-3197-4218-9FE0-230D2B74A143}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{C3A0C707-7B4D-4D2D-A5A0-1A5D92D0B078}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{68D8EAF8-59ED-4784-ACFC-1285A3C40572}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [TCP Query User{0EEC40B1-2551-45A2-B676-B7CB5C5D770A}C:\program files (x86)\nx client for windows\nxclient.exe] => (Allow) C:\program files (x86)\nx client for windows\nxclient.exe
FirewallRules: [UDP Query User{B77FD10A-FE48-4C05-B0AF-D3593AA3C5F9}C:\program files (x86)\nx client for windows\nxclient.exe] => (Allow) C:\program files (x86)\nx client for windows\nxclient.exe
FirewallRules: [TCP Query User{55554ACD-7B2A-4940-B5EC-2BBE6C3CD065}C:\program files (x86)\nx client for windows\bin\nxssh.exe] => (Allow) C:\program files (x86)\nx client for windows\bin\nxssh.exe
FirewallRules: [UDP Query User{72964D49-B23F-46C2-A658-5224383D3402}C:\program files (x86)\nx client for windows\bin\nxssh.exe] => (Allow) C:\program files (x86)\nx client for windows\bin\nxssh.exe
FirewallRules: [TCP Query User{E181F376-D5C4-4ADF-817F-C0B3714B178A}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{C8C3B769-AC6A-4994-A385-9E0DF621DEC2}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [TCP Query User{76D7147D-B994-48D4-8967-17BAA3CC23A8}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{3959356A-7045-4155-B554-7964F9FD4DA1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{D9909EC6-54B8-40A5-94FA-18AA50B949E1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{FED3F621-1014-42DE-9199-C5AE3203773A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E30CC676-73E3-472A-A185-21298014A643}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B214F23-4BB4-4E20-8552-E77DDA710352}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D32E2CC-CF43-496E-AE33-AE1488682278}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E13848B-A92E-4F86-8CB2-75E815760D45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A421DBCA-2D84-468B-A6A9-8E8162FE4E77}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [{EF54AD10-4847-42CA-AA48-02BA34A9BF46}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [{671894E5-A286-402F-B180-92B526BBA4C4}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [{09957168-9F42-490A-A2D1-E78CF53FF870}] => (Allow) C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
FirewallRules: [TCP Query User{E6B7ADFF-1B68-4725-9350-0AED4CE73A0E}C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe
FirewallRules: [UDP Query User{76C21AB7-3F5F-4347-8225-18788F0A35CE}C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 8.5\filemaker pro.exe
FirewallRules: [TCP Query User{6A820D8E-1146-46A0-82E6-1722AA5B0E92}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{C5255C32-F2C8-4EDA-9196-823930B97F7E}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{E0EB6F65-F04F-43F0-908D-0715C7FA093E}C:\hfs.exe] => (Allow) C:\hfs.exe
FirewallRules: [UDP Query User{28D0E2CF-DE27-43AA-8F8F-F8B10173921B}C:\hfs.exe] => (Allow) C:\hfs.exe
FirewallRules: [TCP Query User{39F2E585-EE9C-42C5-90D2-AC39E8D4A36F}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [UDP Query User{E8830896-28D6-42D9-B2BA-6CD7FD7D7B1E}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [TCP Query User{F242E69C-B1E1-4DA8-ACC2-F11904E46F3F}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [UDP Query User{887598C2-0BD1-4B85-8913-648B3AF2611B}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [TCP Query User{A00F40F9-4490-4A91-999C-69FCF521F7BC}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exe
FirewallRules: [UDP Query User{B8B1684E-0D82-4C37-85E4-7296AE934F42}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exe
FirewallRules: [{928320E1-1532-4D90-8E6A-BFE384778D4D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{4F348571-A951-411E-9DA1-E1A2697E8D4C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9041BF8A-C869-4EA1-81C0-8C1D79D24440}C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe
FirewallRules: [UDP Query User{C6FEF07C-6922-4CF5-A315-3ECC1E59EDC5}C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 7.0.1\bin\phpstorm.exe
FirewallRules: [{62BD67DA-516D-449A-901C-40F2AFE88D7C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{78F10D37-1353-4A33-B106-98D1665C047F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{76299CB1-6B75-49A9-91CA-B66DD651C5BC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{22E5F75B-E8D7-4AA6-90C4-B900D1C78C51}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4892C602-0CA2-429A-AA46-A1B771B77AD2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{7FC78A29-06F6-4FA5-B382-6E3CEB9F0CC8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{B18625F5-8A90-4895-8D9A-029A6B2A3556}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{4EC9ADF9-4A8E-478F-B507-99C2E179DAA8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{D5E7162B-8079-477B-9D57-8D8D35565C04}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{23B68863-BD44-4774-A722-FD8E2BF786ED}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F83D032D-CC66-4173-B9A9-F1034ED05F01}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{13E4114F-F6EF-42A8-86FC-E85419ACA48F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{0F74A14C-1F04-4B12-BA9D-2CEAC1CA6688}C:\program files (x86)\auroracoin\auroracoin-qt.exe] => (Allow) C:\program files (x86)\auroracoin\auroracoin-qt.exe
FirewallRules: [UDP Query User{9E6B5866-4DAA-40C7-99F6-B87F2BA9D962}C:\program files (x86)\auroracoin\auroracoin-qt.exe] => (Allow) C:\program files (x86)\auroracoin\auroracoin-qt.exe
FirewallRules: [TCP Query User{2F901A03-CBAB-44C7-AF51-AA5A43C65A0B}C:\users\{user}\desktop\coino\coino-qt.exe] => (Allow) C:\users\{user}\desktop\coino\coino-qt.exe
FirewallRules: [UDP Query User{7EDD828A-8909-4AB3-8A42-80EA956DCA89}C:\users\{user}\desktop\coino\coino-qt.exe] => (Allow) C:\users\{user}\desktop\coino\coino-qt.exe
FirewallRules: [TCP Query User{B2A9F7F0-9141-4159-8DA2-5BA640BBF11D}C:\users\{user}\desktop\rpc\ronpaulcoin-qt.exe] => (Allow) C:\users\{user}\desktop\rpc\ronpaulcoin-qt.exe
FirewallRules: [UDP Query User{6424E736-8235-4709-B547-0AF63AC1E538}C:\users\{user}\desktop\rpc\ronpaulcoin-qt.exe] => (Allow) C:\users\{user}\desktop\rpc\ronpaulcoin-qt.exe
FirewallRules: [TCP Query User{271EF109-2FDD-497C-90D0-32B353CF1C9D}C:\users\{user}\desktop\hfs.exe] => (Block) C:\users\{user}\desktop\hfs.exe
FirewallRules: [UDP Query User{8997731F-10D7-4E11-AC0A-598E81BCD1A4}C:\users\{user}\desktop\hfs.exe] => (Block) C:\users\{user}\desktop\hfs.exe
FirewallRules: [TCP Query User{2C8FFA6B-788F-441C-B9BF-80D87A853B7A}C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe
FirewallRules: [UDP Query User{58492CD7-B68D-4B0D-8AE6-CE70DD044554}C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 138.1505\bin\phpstorm.exe
FirewallRules: [TCP Query User{2C00972D-0B2F-466A-8CD4-A8615FB1EE07}C:\xampp\php\php.exe] => (Allow) C:\xampp\php\php.exe
FirewallRules: [UDP Query User{F65A3D22-0F08-4BA3-A3E6-9AADADE61D53}C:\xampp\php\php.exe] => (Allow) C:\xampp\php\php.exe
FirewallRules: [{88496175-92D0-40AD-9C76-DF37A623A307}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{D242DE63-B906-4CA4-801B-BB3767B1A959}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [UDP Query User{149D3410-729B-48F8-A3AC-5BA23E27E627}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [{B5984E2B-B217-4211-8CC9-4F7465DA7173}] => (Allow) C:\Users\{user}\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{38F9B4FC-591E-4B5C-AADA-AF6433076E53}] => (Allow) C:\Users\{user}\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B2028365-CBB8-4EDA-BABE-DFD499BB3C9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEA93529-A069-45AD-B300-A67E72D0B15E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A8B7AD51-1D6D-46CE-9945-E56D14DF759A}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{65D816A8-3CC6-4FCD-80CA-D166FC55F475}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [TCP Query User{45A5F8A1-9966-4CCF-86DB-935701436C18}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{F1C011FB-BCA9-48B9-B26E-07B247659047}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{7DE0CB75-85C4-4C48-BC82-8699C9F74DA4}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [UDP Query User{33697D60-9CA3-4490-8600-90388037EAA8}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [TCP Query User{3C341A16-9B6F-4D28-904B-3F358B841D07}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{277B1E46-8752-4E3E-BFB1-4F2A80807A72}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{832DB58B-B633-4EDA-8059-2918F48BA2B7}C:\users\{user}\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\{user}\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D0792AF4-3C1F-45A8-9C89-E8ABB068A7D1}C:\users\{user}\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\{user}\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B34263FC-9AE0-47D2-A926-5A0E0075D1E2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{50FA7AA4-6DA3-40FC-B67E-3CB1DF23BCF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{189BC851-26F2-4451-8AD9-962C75DB5C79}C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe
FirewallRules: [UDP Query User{1F74910C-2FA5-40F4-A8D8-95277BCD9D28}C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.473\bin\phpstorm.exe
FirewallRules: [{16348255-7588-4BC5-85BE-5A00927E3B0C}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [TCP Query User{1BC413A3-A254-439E-AC46-62CB61BC070C}C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe
FirewallRules: [UDP Query User{B186E552-E863-4F5D-BC4D-B6F1989C9C1C}C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\bin\phpstorm.exe
FirewallRules: [TCP Query User{45A540EE-CD5C-4117-A611-E2DB05A2FD75}C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe
FirewallRules: [UDP Query User{8A07933F-80F5-4102-AD85-EB8CE78FFF3C}C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 141.1000\jre\jre\bin\java.exe
FirewallRules: [{0F54E348-05F3-40B8-81DD-25870C3ECFC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: mv video hook driver2
Description: mv video hook driver2
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: UVNC BVBA
Service: mv2
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR9002WB-1NG Wireless Network Adapter
Description: Atheros AR9002WB-1NG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 01:50:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/25/2015 11:36:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/25/2015 11:36:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/25/2015 11:36:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/25/2015 11:35:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/25/2015 11:35:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/25/2015 10:59:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:41:24 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (05/25/2015 00:40:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/24/2015 10:54:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/25/2015 01:47:53 PM) (Source: volsnap) (EventID: 16) (User: )
Description: Die Schattenkopien von Volume "B:" wurden verworfen, weil die Bereitsstellungaufhebung von Volume "B:", das einen Schattenkopiespeicher für diese Schattenkopie enthält, erzwungen wurde.

Error: (05/25/2015 11:09:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/25/2015 11:09:15 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/25/2015 10:59:28 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/25/2015 10:59:28 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature: %%886

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert 

	Grund: %%892

Error: (05/25/2015 10:58:26 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (05/24/2015 10:58:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2015 10:58:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2015 10:58:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acronis Sync Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2015 10:58:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (05/25/2015 01:50:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/25/2015 11:36:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\{user}\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 11:36:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\{user}\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 11:36:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\{user}\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 11:35:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\{user}\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 11:35:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\{user}\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 10:59:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2015 00:41:24 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.ManifestC:\Program Files (x86)\CommunicationsClients\OutlookIntegration\OLI.dll.Manifest4

Error: (05/25/2015 00:40:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe

Error: (05/24/2015 10:54:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-05-22 21:08:44.299
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-22 21:08:44.267
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz
Percentage of memory in use: 9%
Total physical RAM: 61388.67 MB
Available physical RAM: 55656.71 MB
Total Pagefile: 61386.88 MB
Available Pagefile: 55540.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive b: (Backup) (Fixed) (Total:1863.01 GB) (Free:1862.87 GB) NTFS
Drive c: () (Fixed) (Total:447.06 GB) (Free:359.09 GB) NTFS
Drive d: (Data) (Fixed) (Total:476.94 GB) (Free:265.04 GB) NTFS
Drive f: (Filesharing) (Fixed) (Total:5 GB) (Free:4.53 GB) NTFS
Drive g: (EOS_DIGITAL) (Removable) (Total:3.78 GB) (Free:3.13 GB) FAT32
Drive l: (Kingston USB3-Stick) (Removable) (Total:14.92 GB) (Free:14.83 GB) NTFS
Drive m: (Movies) (Fixed) (Total:1863.01 GB) (Free:1298.24 GB) NTFS
Drive n: (SanDisk USB3-Stick) (Fixed) (Total:58.43 GB) (Free:58.34 GB) NTFS
Drive o: (TREKSTORUSB) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32
Drive s: (Software) (Fixed) (Total:471.94 GB) (Free:407.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.2 GB) (Disk ID: 1ECE2817)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 6F03043C)
Partition 1: (Not Active) - (Size=471.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 6F03043B)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: EDA3CD21)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BECFC4AC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.8 GB) (Disk ID: 98D2A730)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

========================================================
Disk: 10 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00001511)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

========================================================
Disk: 11 (Size: 58.4 GB) (Disk ID: DB7EA1FC)
Partition 1: (Not Active) - (Size=58.4 GB) - (Type=07 NTFS)

========================================================
Disk: 12 (Size: 967.5 MB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=967 MB) - (Type=0B)

==================== End of log ============================
         
Regarding your question:
"Any remaining problems?"

- The computer is running stably. I no longer notice any malicious software.

- At the moment I cannot access my desktop from other computers (e.g. from work), because my (U)VNC service was killed in one of the steps.

- I still don't know where the malware came from, but that is probably not so easy to find out.

As always: I'll wait patiently for the next step, and once again thank you very much.

26.05.2015, 06:33   #14
schrauber
/// the machine
/// TB instructor

Reinstall VNC. Unfortunately, that can't be reconstructed. Does VNC work again after that?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

26.05.2015, 07:05   #15
Johannes85

Hello schrauber!

I reinstalled the VNC service and updated the VNC version at the same time. VNC is running again now.

Is it time for the big cleanup now?

Best regards,

Johannes
