Pests of all kinds and how to combat them: Firefox 38.0.5 opens automatically at Windows 8.1 startup with the MSN Deutschland website and a strange URL

15.06.2015, 15:19   #1
Picard
 

Hello dear Trojaner-Board,

A few years ago you already helped me brilliantly once and introduced me to valuable tools. That way I got along well on my own over the years. But this time it is once again a more serious case that I cannot fix on my own:

Firefox 38.0.5 opens automatically at Windows 8.1 startup (64-bit) with the MSN Deutschland website and a strange URL (or sometimes K9-Webprotection blocks this strange automatic start page).

I have already found out that Firefox has no autostart function, so I assume there is a malware problem. Various cleanups have not helped, though. That is why I am turning to you.

I have today and tomorrow off and can, must and want to get this done in that time. So I will always reply promptly if you give me helpful instructions on how to proceed, and I will follow them one to one. Cosinus helped me last time in a superbly structured way. But I will gladly accept any other expert among you as well. Thanks in advance - with a big request for help!

Best regards
Picard

15.06.2015, 15:43   #2
Warlord711
/// TB Trainer
 

Hello Picard

My name is Timo and I will be helping you with your problem.
  • Please work through all steps in order.
  • Here you will find the guide for people seeking help
  • Read the instructions carefully. If problems arise, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to.

Note:
I can never give you a guarantee that I will find everything. Reformatting is always the safest way.

We all work here voluntarily and mostly only in our spare time. Replies may therefore be delayed.
If you do not receive a reply from me within 48 hours, write me a PM.
If you decide on a cleanup, keep working along until I or someone from the team says that you are clean.


Run all tools with administrative rights; Vista, Win7 and Win8 users via right-click "Run as administrator".

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the web page)

15.06.2015, 16:14   #3
Picard
 
Steps 1 and 2: Defogger and FRST64 - logs and Addition



Hello Timo, thanks for your prompt reply!
Trojaner-Board, just like last time, simply great!

I forgot to mention at the start: the start page in FF is actually google.de. That makes it all the more surprising that FF opens automatically with MSN Deutschland - not just that it opens automatically at Windows startup at all.

Here are the logs:

1. Defogger (without an error message, but with the log anyway to be safe):

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:51 on 15/06/2015 (Picard)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
2. FRST64: FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Picard (administrator) on ENTERPRISE on 15-06-2015 16:56:04
Running from C:\Users\Picard\Desktop
Loaded Profiles: Picard (Available Profiles: Picard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files\NetDrive\nd2svc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Flux Software LLC) C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\MS Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct\JabraDirect.exe [918016 2015-03-17] (GN Netcom A/S)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [f.lux] => C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda14533-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe" 
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda1453a-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe" 
SSODL: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 -> {045ADA50-4597-4A09-9AF5-EE389F7EF7A6} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\MS Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-02-24] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - &CAS Info@Click - {69128F97-9C35-4881-9ED4-5A23A97A2E3D} - C:\Program Files (x86)\CAS-PIA\InfoClick\icDeskBar.dll [2014-06-03] (CAS Software AG)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @cas.de/InfoClick -> C:\Program Files (x86)\CAS-PIA\InfoClick\npInfoClick.dll [2014-06-03] (CAS Software AG)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\MSOFFI~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\MSOFFI~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-12-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2305788995-4209846984-3758418705-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: Adblock Plus - C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-03-31]
FF HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1
FF Extension: Free Download Manager plugin - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1 [2015-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-14] (SurfRight B.V.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; C:\MS Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
R2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive\nd2svc.exe [638008 2015-06-05] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2014-07-26] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [422080 2015-05-22] (EldoS Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX64.sys [39288 2015-03-03] (GN Netcom A/S)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2014-07-26] (Dritek System Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 16:56 - 2015-06-15 16:56 - 00024480 ____C C:\Users\Picard\Desktop\FRST.txt
2015-06-15 16:52 - 2015-06-15 16:52 - 00063162 ____C C:\Users\Picard\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2015-06-15 16:51 - 2015-06-15 16:52 - 00000476 ____C C:\Users\Picard\Desktop\defogger_disable.log
2015-06-15 16:51 - 2015-06-15 16:51 - 00000000 ____C C:\Users\Picard\defogger_reenable
2015-06-15 16:33 - 2015-06-15 16:33 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:33 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware
2015-06-15 16:32 - 2015-06-15 16:32 - 00001828 ____C C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-15 15:42 - 2015-06-15 15:42 - 00000077 ____C C:\WINDOWS\setupact.log
2015-06-15 15:42 - 2015-06-15 15:42 - 00000000 ____C C:\WINDOWS\setuperr.log
2015-06-15 15:41 - 2015-06-15 15:42 - 05097616 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-15 06:40 - 2015-06-15 16:07 - 00121095 ____C C:\WINDOWS\WindowsUpdate.log
2015-06-14 23:31 - 2015-06-14 23:30 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233136.backup
2015-06-14 23:30 - 2013-08-22 15:25 - 00000824 ____C C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233012.backup
2015-06-14 23:25 - 2015-06-14 23:25 - 00000000 ___DC C:\Users\Picard\Documents\ProcAlyzer Dumps
2015-06-14 22:20 - 2015-06-15 06:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-06-14 22:20 - 2015-06-14 22:25 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-14 22:20 - 2015-06-14 22:20 - 00000000 ___DC C:\WINDOWS\System32\Tasks\Safer-Networking
2015-06-14 22:20 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-06-14 22:02 - 2015-06-15 16:45 - 02109952 ____C (Farbar) C:\Users\Picard\Desktop\FRST64.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00781312 ___RC C:\Users\Picard\Desktop\delfix_1.010.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00448512 ___RC (OldTimer Tools) C:\Users\Picard\Desktop\TFC.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00050477 ___RC C:\Users\Picard\Desktop\Defogger.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 01107968 ___RC C:\Users\Picard\Desktop\RSIT.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 00380416 ___RC C:\Users\Picard\Desktop\Gmer-19357.exe
2015-06-14 22:02 - 2015-06-14 20:27 - 01137360 ___RC (F-Secure Corporation) C:\Users\Picard\Desktop\fsbl.exe
2015-06-14 22:02 - 2015-06-14 19:35 - 52822240 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\Windows-KB890830-x64-V5.25.exe
2015-06-14 22:02 - 2015-06-14 19:01 - 01988928 ___RC (Kaspersky Lab) C:\Users\Picard\Desktop\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7691.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 172834064 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\msert.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 00388608 ___RC (Trend Micro Inc.) C:\Users\Picard\Desktop\HijackThis.exe
2015-06-14 22:02 - 2015-06-14 18:57 - 22171408 ___RC (SUPERAntiSpyware) C:\Users\Picard\Desktop\SUPERAntiSpyware.exe
2015-06-14 21:24 - 2015-06-14 21:23 - 00097888 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-14 21:23 - 2015-06-14 21:23 - 00000000 ___DC C:\Program Files (x86)\Java
2015-06-14 20:46 - 2015-06-14 20:55 - 00000000 ___DC C:\Program Files (x86)\trend micro
2015-06-14 20:46 - 2015-06-14 20:46 - 00000000 ___DC C:\rsit
2015-06-14 20:03 - 2015-06-14 20:03 - 00001098 ____C C:\WINDOWS\system32\.crusader
2015-06-14 20:01 - 2015-06-14 20:01 - 00001982 ____C C:\WINDOWS\system32\start.txt
2015-06-14 15:14 - 1998-04-24 00:00 - 00368912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbar332.dll
2015-06-14 12:47 - 2015-06-14 19:56 - 00000000 __HDC C:\Drm
2015-06-10 21:52 - 2015-05-27 16:35 - 24917504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 21:52 - 2015-05-27 16:08 - 19607040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 21:52 - 2015-05-23 05:15 - 00503808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 21:52 - 2015-05-23 05:14 - 00341504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 21:52 - 2015-05-23 05:10 - 02278912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 21:52 - 2015-05-23 05:05 - 00664064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 21:52 - 2015-05-23 05:04 - 00620032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 21:52 - 2015-05-23 04:48 - 00076288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 04305920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 21:52 - 2015-05-23 04:43 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00689152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 21:52 - 2015-05-23 04:37 - 02052608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 21:52 - 2015-05-23 04:28 - 12829696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 21:52 - 2015-05-23 04:28 - 01042944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 21:52 - 2015-05-23 04:20 - 01950720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 21:52 - 2015-05-23 04:16 - 01309696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 21:52 - 2015-05-23 04:14 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 02885632 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00417792 ____C (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 21:52 - 2015-05-22 20:52 - 06026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 21:52 - 2015-05-22 20:48 - 00633856 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00814080 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 21:52 - 2015-05-22 20:24 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 21:52 - 2015-05-22 20:23 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 21:52 - 2015-05-22 20:21 - 00316928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 21:52 - 2015-05-22 20:15 - 01032704 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 21:52 - 2015-05-22 20:09 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 21:52 - 2015-05-22 20:08 - 00374272 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 21:52 - 2015-05-22 20:06 - 00801280 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 21:52 - 2015-05-22 20:05 - 02125824 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 21:52 - 2015-05-22 19:57 - 14404096 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 21:52 - 2015-05-22 19:50 - 02426880 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 21:52 - 2015-05-22 19:49 - 02865152 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 21:52 - 2015-05-22 19:38 - 01545728 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 21:52 - 2015-05-22 19:26 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 21:50 - 2015-05-21 18:47 - 04177920 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 21:50 - 2015-04-25 04:34 - 00653824 ____C (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 21:50 - 2015-04-25 04:33 - 00549888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 23:39 - 2015-06-14 14:09 - 00000000 ___DC C:\Program Files\HitmanPro
2015-06-08 23:38 - 2015-06-14 20:03 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-06-08 23:32 - 2015-06-08 23:32 - 00000207 ____C C:\WINDOWS\tweaking.com-regbackup-ENTERPRISE-Windows-8.1-(64-bit).dat
2015-06-08 23:32 - 2015-06-08 23:32 - 00000000 ___DC C:\RegBackup
2015-06-08 23:25 - 2015-06-14 21:26 - 00000000 ___DC C:\AdwCleaner
2015-06-08 23:14 - 2015-06-15 16:56 - 00000000 ___DC C:\FRST
2015-06-08 03:33 - 2015-06-08 03:33 - 00000000 ___DC C:\Program Files (x86)\WinHTTrack
2015-06-06 13:16 - 2015-06-06 13:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\UBitMenu
2015-06-06 12:15 - 2015-06-06 12:15 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\NetDrive2
2015-06-06 12:09 - 2015-06-08 22:11 - 00000000 ___DC C:\ProgramData\NetDrive2
2015-06-06 12:09 - 2015-06-06 12:09 - 00000000 ___DC C:\Program Files\NetDrive
2015-06-06 12:09 - 2015-05-22 12:17 - 00123688 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:17 - 00009000 ____C (EldoS Corporation) C:\WINDOWS\system32\elevtmsg.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00224040 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00186152 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 12:15 - 00159528 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 11:55 - 00422080 ____C (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs5.sys
2015-06-05 10:58 - 2015-06-05 10:58 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\iterate_GmbH
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\wc
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\AppData\Roaming\wyUpdate AU
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Cyberduck
2015-06-05 09:27 - 2015-06-14 21:46 - 00000000 ___DC C:\Users\Picard\Documents\Outlook-Dateien
2015-06-05 08:59 - 2015-06-05 08:59 - 00001255 ____C C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-06-04 08:20 - 2015-05-25 15:23 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-04 08:20 - 2015-05-25 15:07 - 01430528 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-04 08:20 - 2015-05-22 15:08 - 00700416 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01119232 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01020928 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00756736 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00422912 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-04 08:20 - 2015-05-16 00:01 - 00133288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-04 08:20 - 2015-05-15 23:05 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-06-04 08:20 - 2015-05-15 22:47 - 00355328 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-06-04 08:20 - 2015-05-15 22:23 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-06-04 08:20 - 2015-05-15 21:42 - 03682304 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-04 08:20 - 2015-05-15 21:32 - 00035840 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:31 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 02223104 ____C (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00408064 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-06-04 08:20 - 2015-05-15 21:27 - 00891904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00124928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:19 - 00721920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:19 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-06-04 08:20 - 2015-04-17 00:07 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-04 00:10 - 2015-06-04 08:37 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-06-02 10:29 - 2015-06-02 10:29 - 00000000 ___DC C:\Users\Picard\AppData\Local\GWX
2015-05-27 10:38 - 2015-06-05 11:31 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Zoiper
2015-05-27 10:33 - 2015-05-27 10:33 - 00000000 ___DC C:\Program Files (x86)\Zoiper
2015-05-27 10:18 - 2015-05-27 10:18 - 00000000 ___DC C:\Users\Picard\AppData\Local\GN_Netcom_A_S
2015-05-27 10:15 - 2015-05-27 10:15 - 00000000 ___DC C:\ProgramData\Jabra
2015-05-27 10:05 - 2015-05-27 10:05 - 00000094 ____C C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-27 10:05 - 2015-05-27 10:05 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Jabra
2015-05-27 10:03 - 2015-06-06 12:11 - 00000000 ___DC C:\ProgramData\Package Cache
2015-05-27 10:03 - 2015-05-27 10:03 - 00000000 ___DC C:\Program Files (x86)\Jabra
2015-05-27 09:58 - 2015-06-06 12:04 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\ProgramData\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-PIA
2015-05-27 09:56 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-Software
2015-05-27 09:56 - 2015-05-27 09:57 - 00000000 ___DC C:\Users\Picard\AppData\Local\Downloaded Installations
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\WINDOWS\PCHEALTH
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Synchronization Services
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Sync Framework
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-27 09:43 - 2014-08-14 14:12 - 00517632 ____C (www.ipcom.at) C:\WINDOWS\system32\siptapi.tsp
2015-05-27 09:42 - 2015-05-27 09:42 - 00000000 ___DC C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files\Microsoft Office
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files (x86)\Microsoft Analysis Services
2015-05-27 09:39 - 2015-05-27 09:43 - 00000000 ___DC C:\MS Office
2015-05-27 09:39 - 2015-05-27 09:39 - 00000000 _RHDC C:\MSOCache
2015-05-27 08:51 - 2015-05-27 09:03 - 00000000 ___DC C:\Program Files (x86)\Google
2015-05-27 08:51 - 2015-05-27 09:02 - 00000000 ___DC C:\Users\Picard\AppData\Local\Google
2015-05-26 22:07 - 2015-06-05 09:27 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\TeamViewer
2015-05-26 22:07 - 2015-05-20 19:15 - 00035112 ____C (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2015-05-26 22:06 - 2015-06-09 10:39 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2015-05-26 20:43 - 2015-04-09 00:41 - 00158720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-05-26 20:43 - 2015-04-09 00:07 - 00410336 ____C C:\WINDOWS\system32\ApnDatabase.xml
2015-05-26 20:43 - 2015-04-02 00:42 - 03097600 ____C (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-26 20:43 - 2015-04-02 00:30 - 02483712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-05-26 20:43 - 2015-03-20 05:49 - 00309760 ____C (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-05-26 20:43 - 2015-03-20 05:08 - 00477184 ____C (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:37 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:07 - 01091072 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-26 20:43 - 2015-03-02 03:43 - 00222208 ____C (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-05-26 20:43 - 2015-03-02 03:21 - 00207872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-05-26 20:42 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-05-26 20:42 - 2015-04-14 00:37 - 00275968 ____C (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-05-26 20:42 - 2015-04-14 00:34 - 00180224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-05-26 20:42 - 2015-04-10 02:40 - 01249280 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-10 02:17 - 01018880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-01 06:21 - 00337408 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 06:18 - 00468480 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-05-26 20:42 - 2015-04-01 06:17 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-05-26 20:42 - 2015-04-01 06:08 - 00774144 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-05-26 20:42 - 2015-04-01 05:46 - 03633664 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 02551808 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 00903168 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-05-26 20:42 - 2015-04-01 04:53 - 00391680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-05-26 20:42 - 2015-04-01 04:53 - 00272896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 04:45 - 02749952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-05-26 20:42 - 2015-04-01 04:45 - 00699392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-05-26 20:42 - 2015-04-01 04:14 - 01920000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-05-26 20:42 - 2015-04-01 04:12 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 16:51 - 2014-08-24 11:19 - 00000000 ___DC C:\Users\Picard
2015-06-15 16:36 - 2015-05-01 20:54 - 00000884 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-15 16:02 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\sru
2015-06-15 15:49 - 2014-08-24 12:14 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5DF3FC2E-3DF6-4C72-8F97-0A77B81A3A5B}
2015-06-15 15:42 - 2013-08-22 16:45 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-06-15 15:41 - 2014-09-08 12:18 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\ClassicShell
2015-06-15 15:41 - 2014-08-24 13:09 - 02580686 ____C C:\Users\Public\CAFADEBUG.log
2015-06-15 08:22 - 2014-07-26 21:55 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-06-15 08:04 - 2015-03-31 17:42 - 00000000 ___DC C:\Program Files\Blue Coat K9 Web Protection
2015-06-15 07:57 - 2012-07-26 09:59 - 00000000 ___DC C:\WINDOWS\CbsTemp
2015-06-15 06:37 - 2014-08-24 13:13 - 00000000 ___DC C:\Users\Picard\AppData\Local\CrashDumps
2015-06-15 06:26 - 2015-03-29 10:52 - 00000000 __HDC C:\Shared
2015-06-14 22:22 - 2015-03-31 17:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit
2015-06-14 22:21 - 2015-03-29 20:39 - 00000000 __RDC C:\Quick Launch
2015-06-14 21:24 - 2015-04-03 18:59 - 00000000 ___DC C:\ProgramData\Oracle
2015-06-14 21:21 - 2014-07-26 22:20 - 00000000 ___DC C:\Users\Picard\Documents\Bluetooth Folder
2015-06-14 19:23 - 2015-03-31 17:11 - 00136408 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 17:52 - 2015-03-29 07:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-06-14 16:53 - 2015-03-31 16:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Free Download Manager
2015-06-14 16:50 - 2015-04-01 17:37 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieBrowserModeList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieUserList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieSiteList
2015-06-14 16:27 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 16:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\AppReadiness
2015-06-14 15:12 - 2015-03-31 17:13 - 00000000 ___DC C:\Users\Picard\Documents\Calibre-Bibliothek
2015-06-14 15:05 - 2015-03-28 21:50 - 00000000 ___DC C:\Users\Picard\AppData\Local\Deployment
2015-06-14 14:26 - 2014-03-18 12:03 - 01776918 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-14 14:26 - 2014-03-18 11:25 - 00765582 ____C C:\WINDOWS\system32\perfh007.dat
2015-06-14 14:26 - 2014-03-18 11:25 - 00159366 ____C C:\WINDOWS\system32\perfc007.dat
2015-06-11 11:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 09:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\PolicyDefinitions
2015-06-10 22:26 - 2015-03-29 11:38 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-06-10 22:22 - 2014-08-22 17:42 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-06-10 22:15 - 2014-08-22 17:42 - 140135120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 22:12 - 2012-07-26 07:26 - 00000199 ____C C:\WINDOWS\win.ini
2015-06-09 21:28 - 2015-03-29 11:38 - 00000000 ___DC C:\Users\Picard\AppData\Local\Microsoft Help
2015-06-09 14:47 - 2014-03-18 11:40 - 00000000 ___DC C:\Program Files\Windows Journal
2015-06-08 22:59 - 2015-03-31 17:09 - 00000000 ___DC C:\Program Files\CCleaner
2015-06-08 22:59 - 2015-03-29 07:47 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-06 12:15 - 2014-07-26 21:48 - 00000000 ___DC C:\Users\Picard\AppData\Local\VirtualStore
2015-06-05 12:10 - 2015-03-28 17:38 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-06-05 11:16 - 2015-03-29 07:54 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-05 09:59 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\NDF
2015-06-05 08:52 - 2015-04-09 02:45 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\vlc
2015-06-04 08:37 - 2014-09-08 09:00 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 08:35 - 2015-04-08 12:32 - 00000000 ___DC C:\WINDOWS\system32\appraiser
2015-06-04 08:35 - 2015-03-28 19:42 - 00000000 __SDC C:\WINDOWS\system32\CompatTel
2015-06-03 18:18 - 2015-03-28 19:58 - 00792568 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-03-28 19:58 - 00178168 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 13:12 - 2014-09-08 10:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2015-05-27 09:41 - 2013-08-22 17:36 - 00000000 ___DC C:\Program Files\Common Files\microsoft shared
2015-05-27 09:40 - 2014-03-18 11:40 - 00000000 ___DC C:\WINDOWS\ShellNew
2015-05-27 09:06 - 2015-03-31 12:12 - 00000000 ___DC C:\Program Files (x86)\WinZip
2015-05-27 04:26 - 2015-03-31 17:10 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-26 20:51 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-05-26 20:21 - 2015-03-29 20:54 - 00000000 ___DC C:\Users\Picard\AppData\Local\clear.fi
2015-05-26 20:21 - 2013-03-12 18:59 - 00000000 ___DC C:\Program Files (x86)\Acer
2015-05-26 20:11 - 2014-08-24 11:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2015-05-22 05:54 - 2015-03-28 21:11 - 00003108 ____C C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-05-22 05:54 - 2015-03-28 21:11 - 00000000 __RDC C:\Users\Picard\OneDrive
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\SysWOW64\GWX
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\system32\GWX
2015-05-18 07:15 - 2015-05-01 20:54 - 00003772 ____C C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-18 07:15 - 2015-03-28 20:37 - 00000000 ___DC C:\Users\Picard\AppData\Local\Adobe
2015-05-16 23:50 - 2015-04-11 19:05 - 00000000 ___DC C:\Users\Picard\Documents\My Kindle Content

==================== Files in the root of some directories =======

2014-07-26 20:45 - 2014-07-26 20:45 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl
2015-05-27 10:05 - 2015-05-27 10:05 - 0000094 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Picard\AppData\Local\Temp\k9-webprotection-4.4.276.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\clauth1.dll
C:\Windows\SysWOW64\clauth2.dll
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-15 16:37

==================== End of log ============================
         
--- --- ---



3. FRST64: Addition.txt

Additional FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Picard at 2015-06-15 16:57:11
Running from C:\Users\Picard\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305788995-4209846984-3758418705-500 - Administrator - Disabled)
Picard (S-1-5-21-2305788995-4209846984-3758418705-1001 - Administrator - Enabled) => C:\Users\Picard
Gast (S-1-5-21-2305788995-4209846984-3758418705-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.42.43579 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.42.43579 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1B906F85-EA56-5379-F10B-1BA6530240DC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.5 - Atheros Communications Inc.)
Avaya IP Integration (x32 Version: 1.0.9987.0 - GN Netcom A/S) Hidden
Avaya one-X Integration (x32 Version: 1.0.10041.0 - GN Netcom A/S) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Basic Support (x32 Version: 1.0.9944.0 - GN Netcom A/S) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BIZ 2300 Family (x32 Version: 1.0.9881.0 - GN Netcom A/S) Hidden
BIZ 2400 II (x32 Version: 1.0.9855.0 - GN Netcom A/S) Hidden
BIZ2400_II_CCSetup (x32 Version: 1.0.9722.0 - GN Netcom A/S) Hidden
BIZ2400_LINK280 (x32 Version: 1.0.9672.0 - GN Netcom A/S) Hidden
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadsoft Integration (x32 Version: 1.0.9989.0 - GN Netcom A/S) Hidden
calibre 64bit (HKLM\...\{39CE621D-C455-4054-8824-712AAAE0C60C}) (Version: 2.22.0 - Kovid Goyal)
CallManager (x32 Version: 1.0.9717.0 - GN) Hidden
CAS Info@Click (HKLM-x32\...\InfoClick) (Version: 3.0 - CAS Software AG)
CAS PIA Add-Ins (HKLM-x32\...\{370D68EE-D2B7-42D8-A368-A85A300CDF25}) (Version: 5.0 - CAS Software AG)
CAS Smart Add-on (HKLM-x32\...\{BE3AAA51-EAF6-4BD7-B458-9A3D7306075C}) (Version: 1.0.2 - CAS Software AG)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco IP Communicator Integration (x32 Version: 1.0.9990.0 - GN Netcom A/S) Hidden
Cisco Jabber Integration (x32 Version: 1.0.10028.0 - GN Netcom A/S) Hidden
Cisco UC Integration (x32 Version: 1.0.9992.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9993.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9994.0 - GN Netcom A/S) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.4.51 - Conexant)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
DFUDriverSetupX64Setup (x32 Version: 1.0.10046.0 - GN Netcom A/S) Hidden
DIAL 550 (x32 Version: 1.0.9655.0 - GN Netcom A/S) Hidden
Djvu2Pdf (HKLM\...\Djvu2Pdf) (Version:  - )
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
EVOLVE20_LINKSetup (x32 Version: 1.0.9882.0 - GN Netcom A/S) Hidden
EVOLVE65Setup (x32 Version: 1.0.9673.0 - GN Netcom A/S) Hidden
f.lux (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Flux) (Version:  - )
FirmwareUpdater (x32 Version: 1.0.10046.0 - GN) Hidden
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeFileSync 6.5 (HKLM-x32\...\FreeFileSync) (Version: 6.5 - Zenju)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GN2000 Family (x32 Version: 1.0.9657.0 - GN Netcom A/S) Hidden
GO 6470 (x32 Version: 1.0.9674.0 - GN Netcom A/S) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HANDSET450Setup (x32 Version: 1.0.9659.0 - GN Netcom A/S) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
IBM Sametime Integration (x32 Version: 1.0.10059.0 - GN Netcom A/S) Hidden
IBM SPSS Amos 20 (HKLM-x32\...\{58C50F5A-B7E2-4149-8911-B14CEC825F57}) (Version: 20.0.0 - IBM Corp)
IBM SPSS Statistics 21 (HKLM-x32\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jabra Direct (HKLM-x32\...\{027afb1d-95e4-46ac-94ae-c126fd8c613c}) (Version: 3.0.10078.0 - GN Netcom A/S)
JabraDirect (x32 Version: 3.0.10078.0 - GN Netcom A/S) Hidden
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
JpcsSdkDeviceService (x32 Version: 1.0.9811.0 - GN Netcom A/S) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LINK 265 (x32 Version: 1.0.9879.0 - GN Netcom A/S) Hidden
LINK 30/32/33/41 Setup (x32 Version: 1.0.9732.0 - GN Netcom A/S) Hidden
LINK 360 (x32 Version: 1.0.9948.0 - GN Netcom A/S) Hidden
LINK180aSetup (x32 Version: 1.0.9660.0 - GN Netcom A/S) Hidden
LINK220_220ASetup (x32 Version: 1.0.9675.0 - GN Netcom A/S) Hidden
LINK230_260Setup (x32 Version: 1.0.9880.0 - GN Netcom A/S) Hidden
LINK350Setup (x32 Version: 1.0.9676.0 - GN Netcom A/S) Hidden
LINK850Setup (x32 Version: 1.0.9666.0 - GN Netcom A/S) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Lync Integration (x32 Version: 1.0.9995.0 - GN Netcom A/S) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Maintenance (x32 Version: 10.0.0.0 - GN Netcom A/S) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Motion (x32 Version: 1.0.9681.0 - GN Netcom A/S) Hidden
MOTIONOFFICE (x32 Version: 1.0.9677.0 - GN Netcom A/S) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NEC SP 350 Integration (x32 Version: 1.0.9996.0 - GN Netcom A/S) Hidden
NetDrive2 (HKLM-x32\...\NetDrive2) (Version: 2.5.0.0 - Bdrive Inc.)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Ihr Firmenname)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Opera Mail 1.0 (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version: 15.1s - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PRO 920 and 930 (x32 Version: 1.0.9734.0 - GN Netcom A/S) Hidden
PRO 94X0 Family (x32 Version: 1.0.9668.0 - GN Netcom A/S) Hidden
PRO925_935Setup (x32 Version: 1.0.9678.0 - GN Netcom A/S) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SDK Integration (x32 Version: 1.0.8564.0 - GN Netcom A/S) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shoretel Integration (x32 Version: 1.0.10047.0 - GN Netcom A/S) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Integration (x32 Version: 1.0.9999.0 - GN Netcom A/S) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPEAK 510 Family (x32 Version: 1.0.9679.0 - GN Netcom A/S) Hidden
SPEAK410Setup (x32 Version: 1.0.9636.0 - GN Netcom A/S) Hidden
SPEAK450Setup (x32 Version: 1.0.9637.0 - GN Netcom A/S) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STEALTH Setup (x32 Version: 1.0.9952.0 - GN Netcom A/S) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Supreme (x32 Version: 1.0.9680.0 - GN Netcom A/S) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
UC VOICE A Family (x32 Version: 1.0.9669.0 - GN Netcom A/S) Hidden
UC Voice Family (x32 Version: 1.0.9670.0 - GN Netcom A/S) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Winamp (nur entfernen) (HKLM-x32\...\Winamp) (Version:  - )
WinHTTrack Website Copier 3.48-21 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinWget version 0.20 beta (HKLM-x32\...\WinWget_is1) (Version: 0.20 - WinWget Team)
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.60 - Securax LTD)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Picard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

14-06-2015 20:02:28 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-06-14 23:31 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13C16FCC-A0F9-4D65-A4BE-70FAFDE7C858} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {2114BBA4-AD52-43D3-9AC2-C5978DA9C9F9} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {2C1E71A3-6AB7-4BB8-8E48-DCA2ECCAD2F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {3F0DF8EB-0D03-4CEE-8B2B-8DBA7520BA3B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4700B987-B11B-4187-9952-32E5A7056B14} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {515503D6-640E-47F9-8A3A-0E7E7CE2C6EF} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {557E66B3-3894-407D-BBB1-5041E3616645} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {5988A580-7FE2-4C4C-910C-DB38D88536C8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {61129729-D897-441B-97A6-98D59861F639} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {635F0967-47B2-4EC0-8ABE-787122F9BFEB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {6445E2BB-DCC0-4518-83D9-4CE6FE74F1AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8C87D317-26B4-4675-A93B-ECF9F179F30A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9B21F4D0-BF6C-4FBD-988E-F961C71B255C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {A9D50077-EC97-450F-B62B-153EE4528F04} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AD6F4FB2-9B72-47EF-8C55-846A824909D7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {AF83580F-0ADE-4F0F-9AAB-BCABC0D67426} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D49D2B68-5781-41E4-B6BB-E4E0513B49C4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {E2DDB078-9CF7-4079-83E4-EB8E57F9E819} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {E91D4F9F-838E-4B2F-A7F8-D36C003201A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {E9491759-7664-4A24-A3A6-0B4446B8F165} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {ED63E010-0997-4013-8116-2D1226804981} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-31 15:18 - 2014-03-05 11:18 - 00040448 ____C () C:\WINDOWS\System32\pdf995mon64.dll
2015-03-31 15:01 - 2012-06-21 07:25 - 00113152 ____C () C:\WINDOWS\System32\redmon64.dll
2015-05-26 22:12 - 2015-05-20 19:15 - 00020240 ____C () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-29 11:26 - 2008-06-20 00:41 - 00062464 ____C () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-11 18:36 - 2013-01-28 04:49 - 00239184 ____C () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-06-05 02:02 - 2015-06-05 02:02 - 00638008 ____C () C:\Program Files\NetDrive\nd2svc.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2015-06-05 02:03 - 2015-06-05 02:03 - 01103360 ____C () C:\Program Files\NetDrive\libxml2.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00120320 ____C () C:\Program Files\NetDrive\jansson.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00068096 ____C () C:\Program Files\NetDrive\zlib.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00207360 ____C () C:\Program Files\NetDrive\libevent.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2015-06-14 22:20 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-14 22:20 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-14 22:20 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Control Panel\Desktop\\Wallpaper -> C:\Shared\Anwendungen\Wallpapers\Kleines_Schiff.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Jabra Direct"
HKLM\...\StartupApproved\Run32: => "SDTray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{11329D15-BCA5-4C91-AA6D-0A6FB8085916}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{6455D0A8-DC99-4775-BC4E-EA699611F8F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{DC869994-02D5-49B5-9A26-46E7D5F713D5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{01AD020D-3E4E-4A14-9154-E990358F8130}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{2D7C30A0-A7A5-408F-B7F4-8DBA9C2709A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D833FC70-D583-4138-AECF-1EE924098ED3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CFBC7B5D-DAEC-448E-8A63-6541C67C6811}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{B0DB795B-2846-48AA-BACF-BCADDB1DF052}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{A6A64E2B-3E6E-450A-9F69-168559B97464}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BD85B436-C120-42E1-8A68-E34BF682CAAA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0D740EA6-013F-430B-A2A6-29A9E0B3F9E4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{A0F69C6F-08B3-4CF7-AC10-A430CF10A528}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C8F31CA8-9EE8-4491-9747-47A512ABA240}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2907AD28-9C38-4014-B1E4-79A93A36C61F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{CF95C412-5B20-42EA-B1DE-80BC27773112}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0B78C0A5-C366-4523-B856-376030B03B57}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{CDFF2BA1-22E6-4A2F-8EB8-4BB8CB7F9644}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{F826BDB2-4D85-4ED4-A7A4-FA1367019B31}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{1CED0610-C6AB-4CF2-A8DB-6EF66FC54C4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC8B11B0-E2B0-4884-BDD8-A945982E448A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{21D8CCDB-0FDE-4FE1-A831-57CEB179F051}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{13FBB834-E7C7-4C9B-B8B0-B0497590723F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3C1062C6-FF05-4E71-9ADC-3CE378AD770B}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{1F888926-BC8D-4301-BDE6-FEA7B42A5B18}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{DE1F7C9E-24D5-4D3F-85F9-2B9C19AE6C34}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{C1A64706-146E-47CB-84D1-B3BEA1F81AD4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{10CF9880-1926-4AD2-9F0B-42D3CF0D14E0}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{E2AE439A-AF74-467D-A940-DBC780D290E6}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [TCP Query User{37D73434-1781-4B67-A5A5-7ED74C3D7BF3}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [UDP Query User{77A5B468-1A08-4D04-96D5-C15A70FE458C}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [{B158B0F9-359E-49B9-8CAB-281D2AA49E28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E44FD9F2-B490-42B5-997C-90778B894DD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C6AC574-51F9-4BEA-802C-3D563D50A8DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9019FD-7EAD-4204-8D42-C2104BA2BEB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5934C2AE-9EFF-4B37-9E18-C1DE43AE87D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DC1BAA46-7404-4877-9602-7BCCE972C354}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{FDBF3235-E287-40AF-A46A-EEE729D4D738}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{EC6580CF-4356-44AF-8F44-E8CFAFB3F7BF}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{D7B99E07-E678-4ACD-A080-0D2CBE89683E}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{E2C371F6-0FE7-4B1B-A7E7-D7A48C9EF4DC}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{4465FEFE-0503-4212-9672-9F564C5188E2}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{8B28194E-4709-45FE-A3AB-80EA49D57FE0}] => (Allow) C:\MS Office\Office14\outlook.exe
FirewallRules: [TCP Query User{8D375253-646C-4486-903C-CC9F5361E68A}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [UDP Query User{C85F612E-22DF-4FA3-9E05-C4299CC22921}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{8A082332-C8FA-4FC8-B825-6BC7013FD5C7}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{BF6A31F7-B68F-4830-81A9-336987E04A6E}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{410E2ABD-9645-44D4-9C53-43C14CCAE903}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3B5EFD74-7430-4846-82E3-28A939FDD673}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3AF02505-3738-4702-9847-05695B07887B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F7B07F1C-DC42-4A32-AC51-6A98FF555189}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E43923AD-A2E2-457B-B0F1-FDD7F611164D}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CD6C1497-2AB0-4311-8B6E-C173BB9C450E}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CAE65509-114C-4555-AE68-105AF8502B56}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{A1043754-F8E0-46B9-B0BD-9BB629B5ABBA}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{0678C01B-8267-4BCE-A1ED-B18F48848C0B}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
FirewallRules: [{633B4B81-62AF-432E-8A43-4C69A470AB4D}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/15/2015 03:42:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/15/2015 03:42:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD FUEL Service erreicht.

Error: (06/15/2015 08:15:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 08:15:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dritek RF Button Command Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NTI IScheduleSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NetDrive2_Service_NetDrive2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Mobile Broadband HL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-15 16:40:11.456
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-15 08:24:23.851
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-15 07:55:38.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-15 03:24:49.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-11 10:19:01.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 12:09:24.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 09:08:56.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 09:08:56.630
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 09:08:55.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 09:08:55.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 20%
Total physical RAM: 5578.27 MB
Available physical RAM: 4409.32 MB
Total Pagefile: 6474.27 MB
Available Pagefile: 5005.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (ENTERPRISE) (Fixed) (Total:681.89 GB) (Free:265.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CC577C9F)

Partition: GPT Partition Type.

==================== End of log ============================
         

Everything was run with admin rights and without any error messages.

Is the malware recognizable?

Thank you!
__________________

Edited by Picard (15.06.2015 at 16:23)

15.06.2015, 17:32   #4
Warlord711
/// TB Trainer
 



Did you happen to note down the "strange" URL?


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (Scan), select "Bedrohungssuchlauf" (Threat Scan) and click "Suchlauf starten" (Start Scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click "Auswahl entfernen" (Remove Selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click "Verlauf" (History) and then "Anwendungsprotokolle" (Application Logs).
  • Select the most recent scan log and click Export. Choose text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Start FRST once more.
  • Additionally tick the box for shortcut.txt and press Scan.
  • When the scan is complete, a new log file FRST.txt and shortcut.txt are created and saved on the desktop.
  • Please post the contents of this log file here in your thread.
__________________
Learn to strike back and support us!
TB Academy | Donate | Praise & Criticism

15.06.2015, 19:31   #5
Picard
 



Hi Timo,

the "strange URL" is:

h t t p : / / w w w . m s n . c o m / d e - d e / ? o c i d = w i s p r

According to Google, the actual URL of MSN Germany is:

h t t p : / / w w w . m s n . c o m / d e - d e

I don't know whether the suffix "/?ocid=wispr" is an indication of malware. In my opinion the constant autostart of FF is an indication of it, because as far as I know FF has no built-in autostart function and I did not set one up. There is no FF entry in the Startup menu either. Nor under msconfig.

I have run AdwCleaner; the corresponding log file is below. It should also be noted that after the restart (after running AdwCleaner) FF again started automatically with the above URL at Windows startup. What I also notice is that the desktop icons are loaded twice. That is, they are there quite normally after startup, then a few more systray programs are loaded and the icons briefly turn white and then come back. Somehow the whole Windows startup process is a bit jerky, and then FF opens automatically with MSN DE even though Google.de is actually the defined home page. From my earlier experience with malware I recall that the Windows startup process was just as jerky then and the desktop was likewise loaded twice, as described - put in my layman's terms. At least that is how it seems to me.

Here is the AdwCleaner log:

Code:
# AdwCleaner v4.206 - Bericht erstellt 15/06/2015 um 18:48:00
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-14.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Picard - ENTERPRISE
# Gestarted von : C:\Users\Picard\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [974 Bytes] - [08/06/2015 23:25:49]
AdwCleaner[R1].txt - [895 Bytes] - [09/06/2015 10:03:08]
AdwCleaner[R2].txt - [1091 Bytes] - [14/06/2015 16:57:37]
AdwCleaner[R3].txt - [1130 Bytes] - [14/06/2015 21:25:03]
AdwCleaner[R4].txt - [1248 Bytes] - [15/06/2015 18:45:35]
AdwCleaner[S0].txt - [986 Bytes] - [08/06/2015 23:28:44]
AdwCleaner[S1].txt - [953 Bytes] - [09/06/2015 10:05:04]
AdwCleaner[S2].txt - [1104 Bytes] - [14/06/2015 17:02:33]
AdwCleaner[S3].txt - [1190 Bytes] - [14/06/2015 21:26:30]
AdwCleaner[S4].txt - [1169 Bytes] - [15/06/2015 18:48:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1228  Bytes] ##########
         
I'll carry on with the remaining steps and post again when I have everything together. Malwarebytes is installed. Do I have to uninstall it and reinstall it under the new path??

Thanks so far! Unfortunately, as I said, the problem still persists.

Here is the content of JRT.txt:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.7 (06.15.2015:1)
OS: Windows 8.1 x64
Ran by Picard on 15.06.2015 at 19:11:47,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.06.2015 at 19:15:13,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I'm fairly sure that I installed MBAM under the default path back then? What is that path usually? Then I can check it if necessary. In any case, I'm starting the scan now. The scans so far have unfortunately been sobering.

Even if the MSN URL is correct, FF should not open automatically at every startup, or it should open with Google.de; I have now checked this several times in the settings. Also via "about:config" in the FF address bar.

Here is the MBAM log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.06.2015
Suchlauf-Zeit: 19:28:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.15.04
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Picard

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 394748
Verstrichene Zeit: 36 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
...and finally the FRST logs:

1. FRST log

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Picard (administrator) on ENTERPRISE on 15-06-2015 20:16:56
Running from C:\Users\Picard\Desktop
Loaded Profiles: Picard (Available Profiles: Picard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\MS Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct\JabraDirect.exe [918016 2015-03-17] (GN Netcom A/S)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [f.lux] => C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda14533-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe" 
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda1453a-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe" 
SSODL: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 -> {045ADA50-4597-4A09-9AF5-EE389F7EF7A6} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\MS Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-02-24] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - &CAS Info@Click - {69128F97-9C35-4881-9ED4-5A23A97A2E3D} - C:\Program Files (x86)\CAS-PIA\InfoClick\icDeskBar.dll [2014-06-03] (CAS Software AG)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @cas.de/InfoClick -> C:\Program Files (x86)\CAS-PIA\InfoClick\npInfoClick.dll [2014-06-03] (CAS Software AG)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\MSOFFI~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\MSOFFI~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-12-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2305788995-4209846984-3758418705-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: Adblock Plus - C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-03-31]
FF HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1
FF Extension: Free Download Manager plugin - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1 [2015-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-14] (SurfRight B.V.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; C:\MS Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive\nd2svc.exe [638008 2015-06-05] ()
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2014-07-26] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [422080 2015-05-22] (EldoS Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX64.sys [39288 2015-03-03] (GN Netcom A/S)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2014-07-26] (Dritek System Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 20:12 - 2015-06-15 20:14 - 00001200 ____C C:\Users\Picard\Desktop\mbam.txt
2015-06-15 19:15 - 2015-06-15 19:17 - 00000590 ____C C:\Users\Picard\Desktop\JRT.txt
2015-06-15 18:50 - 2015-06-15 19:02 - 00001300 ____C C:\Users\Picard\Desktop\AdwCleaner[S4].txt
2015-06-15 18:42 - 2015-06-15 18:42 - 21546080 ____C (Malwarebytes Corporation ) C:\Users\Picard\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-15 18:42 - 2015-06-15 18:42 - 02945429 ____C (Thisisu) C:\Users\Picard\Desktop\JRT.exe
2015-06-15 18:42 - 2015-06-15 18:42 - 00191804 ____C C:\Users\Picard\Desktop\Firefox 38.0.5 öffnet sich automatisch bei Windows-8.1-Start mit MSN-Deutschland-Website mit sonderbarer URL - Trojaner-Board.htm
2015-06-15 18:41 - 2015-06-15 18:41 - 02231296 ____C C:\Users\Picard\Desktop\AdwCleaner_4.206.exe
2015-06-15 17:02 - 2015-06-15 17:04 - 00045795 ____C C:\Users\Picard\Desktop\Addition - Kopie.txt
2015-06-15 16:59 - 2015-06-15 17:02 - 00052653 ____C C:\Users\Picard\Desktop\FRST - Kopie.txt
2015-06-15 16:57 - 2015-06-15 16:58 - 00045818 ____C C:\Users\Picard\Desktop\Addition.txt
2015-06-15 16:56 - 2015-06-15 20:16 - 00022249 ____C C:\Users\Picard\Desktop\FRST.txt
2015-06-15 16:52 - 2015-06-15 16:52 - 00063162 ____C C:\Users\Picard\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2015-06-15 16:51 - 2015-06-15 16:52 - 00000476 ____C C:\Users\Picard\Desktop\defogger_disable.log
2015-06-15 16:51 - 2015-06-15 16:51 - 00000000 ____C C:\Users\Picard\defogger_reenable
2015-06-15 16:33 - 2015-06-15 16:33 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:33 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware
2015-06-15 16:32 - 2015-06-15 16:32 - 00001828 ____C C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-15 15:42 - 2015-06-15 18:48 - 00000154 ____C C:\WINDOWS\setupact.log
2015-06-15 15:42 - 2015-06-15 15:42 - 00000000 ____C C:\WINDOWS\setuperr.log
2015-06-15 15:41 - 2015-06-15 15:42 - 05097616 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-15 06:40 - 2015-06-15 19:05 - 00139587 ____C C:\WINDOWS\WindowsUpdate.log
2015-06-14 23:31 - 2015-06-14 23:30 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233136.backup
2015-06-14 23:30 - 2013-08-22 15:25 - 00000824 ____C C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233012.backup
2015-06-14 23:25 - 2015-06-14 23:25 - 00000000 ___DC C:\Users\Picard\Documents\ProcAlyzer Dumps
2015-06-14 22:20 - 2015-06-15 06:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-06-14 22:20 - 2015-06-14 22:25 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-14 22:20 - 2015-06-14 22:20 - 00000000 ___DC C:\WINDOWS\System32\Tasks\Safer-Networking
2015-06-14 22:20 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-06-14 22:02 - 2015-06-15 16:45 - 02109952 ____C (Farbar) C:\Users\Picard\Desktop\FRST64.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00781312 ___RC C:\Users\Picard\Desktop\delfix_1.010.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00448512 ___RC (OldTimer Tools) C:\Users\Picard\Desktop\TFC.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00050477 ___RC C:\Users\Picard\Desktop\Defogger.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 01107968 ___RC C:\Users\Picard\Desktop\RSIT.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 00380416 ___RC C:\Users\Picard\Desktop\Gmer-19357.exe
2015-06-14 22:02 - 2015-06-14 20:27 - 01137360 ___RC (F-Secure Corporation) C:\Users\Picard\Desktop\fsbl.exe
2015-06-14 22:02 - 2015-06-14 19:35 - 52822240 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\Windows-KB890830-x64-V5.25.exe
2015-06-14 22:02 - 2015-06-14 19:01 - 01988928 ___RC (Kaspersky Lab) C:\Users\Picard\Desktop\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7691.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 172834064 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\msert.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 00388608 ___RC (Trend Micro Inc.) C:\Users\Picard\Desktop\HijackThis.exe
2015-06-14 22:02 - 2015-06-14 18:57 - 22171408 ___RC (SUPERAntiSpyware) C:\Users\Picard\Desktop\SUPERAntiSpyware.exe
2015-06-14 21:24 - 2015-06-14 21:23 - 00097888 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-14 21:23 - 2015-06-14 21:23 - 00000000 ___DC C:\Program Files (x86)\Java
2015-06-14 20:46 - 2015-06-14 20:55 - 00000000 ___DC C:\Program Files (x86)\trend micro
2015-06-14 20:46 - 2015-06-14 20:46 - 00000000 ___DC C:\rsit
2015-06-14 20:03 - 2015-06-14 20:03 - 00001098 ____C C:\WINDOWS\system32\.crusader
2015-06-14 20:01 - 2015-06-14 20:01 - 00001982 ____C C:\WINDOWS\system32\start.txt
2015-06-14 15:14 - 1998-04-24 00:00 - 00368912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbar332.dll
2015-06-14 12:47 - 2015-06-14 19:56 - 00000000 __HDC C:\Drm
2015-06-10 21:52 - 2015-05-27 16:35 - 24917504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 21:52 - 2015-05-27 16:08 - 19607040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 21:52 - 2015-05-23 05:15 - 00503808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 21:52 - 2015-05-23 05:14 - 00341504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 21:52 - 2015-05-23 05:10 - 02278912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 21:52 - 2015-05-23 05:05 - 00664064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 21:52 - 2015-05-23 05:04 - 00620032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 21:52 - 2015-05-23 04:48 - 00076288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 04305920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 21:52 - 2015-05-23 04:43 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00689152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 21:52 - 2015-05-23 04:37 - 02052608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 21:52 - 2015-05-23 04:28 - 12829696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 21:52 - 2015-05-23 04:28 - 01042944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 21:52 - 2015-05-23 04:20 - 01950720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 21:52 - 2015-05-23 04:16 - 01309696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 21:52 - 2015-05-23 04:14 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 02885632 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00417792 ____C (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 21:52 - 2015-05-22 20:52 - 06026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 21:52 - 2015-05-22 20:48 - 00633856 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00814080 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 21:52 - 2015-05-22 20:24 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 21:52 - 2015-05-22 20:23 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 21:52 - 2015-05-22 20:21 - 00316928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 21:52 - 2015-05-22 20:15 - 01032704 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 21:52 - 2015-05-22 20:09 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 21:52 - 2015-05-22 20:08 - 00374272 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 21:52 - 2015-05-22 20:06 - 00801280 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 21:52 - 2015-05-22 20:05 - 02125824 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 21:52 - 2015-05-22 19:57 - 14404096 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 21:52 - 2015-05-22 19:50 - 02426880 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 21:52 - 2015-05-22 19:49 - 02865152 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 21:52 - 2015-05-22 19:38 - 01545728 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 21:52 - 2015-05-22 19:26 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 21:50 - 2015-05-21 18:47 - 04177920 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 21:50 - 2015-04-25 04:34 - 00653824 ____C (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 21:50 - 2015-04-25 04:33 - 00549888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 23:39 - 2015-06-14 14:09 - 00000000 ___DC C:\Program Files\HitmanPro
2015-06-08 23:38 - 2015-06-14 20:03 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-06-08 23:32 - 2015-06-08 23:32 - 00000207 ____C C:\WINDOWS\tweaking.com-regbackup-ENTERPRISE-Windows-8.1-(64-bit).dat
2015-06-08 23:32 - 2015-06-08 23:32 - 00000000 ___DC C:\RegBackup
2015-06-08 23:25 - 2015-06-15 19:07 - 00000000 ___DC C:\AdwCleaner
2015-06-08 23:14 - 2015-06-15 20:17 - 00000000 ___DC C:\FRST
2015-06-08 03:33 - 2015-06-08 03:33 - 00000000 ___DC C:\Program Files (x86)\WinHTTrack
2015-06-06 13:16 - 2015-06-06 13:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\UBitMenu
2015-06-06 12:15 - 2015-06-06 12:15 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\NetDrive2
2015-06-06 12:09 - 2015-06-08 22:11 - 00000000 ___DC C:\ProgramData\NetDrive2
2015-06-06 12:09 - 2015-06-06 12:09 - 00000000 ___DC C:\Program Files\NetDrive
2015-06-06 12:09 - 2015-05-22 12:17 - 00123688 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:17 - 00009000 ____C (EldoS Corporation) C:\WINDOWS\system32\elevtmsg.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00224040 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00186152 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 12:15 - 00159528 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 11:55 - 00422080 ____C (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs5.sys
2015-06-05 10:58 - 2015-06-05 10:58 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\iterate_GmbH
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\wc
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\AppData\Roaming\wyUpdate AU
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Cyberduck
2015-06-05 09:27 - 2015-06-14 21:46 - 00000000 ___DC C:\Users\Picard\Documents\Outlook-Dateien
2015-06-05 08:59 - 2015-06-05 08:59 - 00001255 ____C C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-06-04 08:20 - 2015-05-25 15:23 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-04 08:20 - 2015-05-25 15:07 - 01430528 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-04 08:20 - 2015-05-22 15:08 - 00700416 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01119232 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01020928 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00756736 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00422912 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-04 08:20 - 2015-05-16 00:01 - 00133288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-04 08:20 - 2015-05-15 23:05 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-06-04 08:20 - 2015-05-15 22:47 - 00355328 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-06-04 08:20 - 2015-05-15 22:23 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-06-04 08:20 - 2015-05-15 21:42 - 03682304 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-04 08:20 - 2015-05-15 21:32 - 00035840 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:31 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 02223104 ____C (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00408064 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-06-04 08:20 - 2015-05-15 21:27 - 00891904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00124928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:19 - 00721920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:19 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-06-04 08:20 - 2015-04-17 00:07 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-04 00:10 - 2015-06-04 08:37 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-06-02 10:29 - 2015-06-02 10:29 - 00000000 ___DC C:\Users\Picard\AppData\Local\GWX
2015-05-27 10:38 - 2015-06-05 11:31 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Zoiper
2015-05-27 10:33 - 2015-05-27 10:33 - 00000000 ___DC C:\Program Files (x86)\Zoiper
2015-05-27 10:18 - 2015-05-27 10:18 - 00000000 ___DC C:\Users\Picard\AppData\Local\GN_Netcom_A_S
2015-05-27 10:15 - 2015-05-27 10:15 - 00000000 ___DC C:\ProgramData\Jabra
2015-05-27 10:05 - 2015-05-27 10:05 - 00000094 ____C C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-27 10:05 - 2015-05-27 10:05 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Jabra
2015-05-27 10:03 - 2015-06-06 12:11 - 00000000 ___DC C:\ProgramData\Package Cache
2015-05-27 10:03 - 2015-05-27 10:03 - 00000000 ___DC C:\Program Files (x86)\Jabra
2015-05-27 09:58 - 2015-06-06 12:04 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\ProgramData\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-PIA
2015-05-27 09:56 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-Software
2015-05-27 09:56 - 2015-05-27 09:57 - 00000000 ___DC C:\Users\Picard\AppData\Local\Downloaded Installations
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\WINDOWS\PCHEALTH
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Synchronization Services
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Sync Framework
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-27 09:43 - 2014-08-14 14:12 - 00517632 ____C (www.ipcom.at) C:\WINDOWS\system32\siptapi.tsp
2015-05-27 09:42 - 2015-05-27 09:42 - 00000000 ___DC C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files\Microsoft Office
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files (x86)\Microsoft Analysis Services
2015-05-27 09:39 - 2015-05-27 09:43 - 00000000 ___DC C:\MS Office
2015-05-27 09:39 - 2015-05-27 09:39 - 00000000 _RHDC C:\MSOCache
2015-05-27 08:51 - 2015-05-27 09:03 - 00000000 ___DC C:\Program Files (x86)\Google
2015-05-27 08:51 - 2015-05-27 09:02 - 00000000 ___DC C:\Users\Picard\AppData\Local\Google
2015-05-26 22:07 - 2015-06-05 09:27 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\TeamViewer
2015-05-26 22:07 - 2015-05-20 19:15 - 00035112 ____C (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2015-05-26 22:06 - 2015-06-09 10:39 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2015-05-26 20:43 - 2015-04-09 00:41 - 00158720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-05-26 20:43 - 2015-04-09 00:07 - 00410336 ____C C:\WINDOWS\system32\ApnDatabase.xml
2015-05-26 20:43 - 2015-04-02 00:42 - 03097600 ____C (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-26 20:43 - 2015-04-02 00:30 - 02483712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-05-26 20:43 - 2015-03-20 05:49 - 00309760 ____C (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-05-26 20:43 - 2015-03-20 05:08 - 00477184 ____C (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:37 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:07 - 01091072 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-26 20:43 - 2015-03-02 03:43 - 00222208 ____C (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-05-26 20:43 - 2015-03-02 03:21 - 00207872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-05-26 20:42 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-05-26 20:42 - 2015-04-14 00:37 - 00275968 ____C (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-05-26 20:42 - 2015-04-14 00:34 - 00180224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-05-26 20:42 - 2015-04-10 02:40 - 01249280 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-10 02:17 - 01018880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-01 06:21 - 00337408 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 06:18 - 00468480 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-05-26 20:42 - 2015-04-01 06:17 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-05-26 20:42 - 2015-04-01 06:08 - 00774144 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-05-26 20:42 - 2015-04-01 05:46 - 03633664 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 02551808 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 00903168 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-05-26 20:42 - 2015-04-01 04:53 - 00391680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-05-26 20:42 - 2015-04-01 04:53 - 00272896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 04:45 - 02749952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-05-26 20:42 - 2015-04-01 04:45 - 00699392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-05-26 20:42 - 2015-04-01 04:14 - 01920000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-05-26 20:42 - 2015-04-01 04:12 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 20:15 - 2015-03-28 21:50 - 00000000 ___DC C:\Users\Picard\AppData\Local\Deployment
2015-06-15 20:00 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\sru
2015-06-15 19:46 - 2014-07-26 21:55 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-06-15 19:36 - 2015-05-01 20:54 - 00000884 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-15 19:28 - 2015-03-31 17:11 - 00136408 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 19:12 - 2014-08-24 13:09 - 02588214 ____C C:\Users\Public\CAFADEBUG.log
2015-06-15 19:08 - 2014-07-26 22:20 - 00000000 ___DC C:\Users\Picard\Documents\Bluetooth Folder
2015-06-15 19:05 - 2014-09-08 12:18 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\ClassicShell
2015-06-15 18:48 - 2013-08-22 16:45 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-06-15 16:51 - 2014-08-24 11:19 - 00000000 ___DC C:\Users\Picard
2015-06-15 15:49 - 2014-08-24 12:14 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5DF3FC2E-3DF6-4C72-8F97-0A77B81A3A5B}
2015-06-15 08:04 - 2015-03-31 17:42 - 00000000 ___DC C:\Program Files\Blue Coat K9 Web Protection
2015-06-15 07:57 - 2012-07-26 09:59 - 00000000 ___DC C:\WINDOWS\CbsTemp
2015-06-15 06:37 - 2014-08-24 13:13 - 00000000 ___DC C:\Users\Picard\AppData\Local\CrashDumps
2015-06-15 06:26 - 2015-03-29 10:52 - 00000000 __HDC C:\Shared
2015-06-14 22:22 - 2015-03-31 17:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit
2015-06-14 22:21 - 2015-03-29 20:39 - 00000000 __RDC C:\Quick Launch
2015-06-14 21:24 - 2015-04-03 18:59 - 00000000 ___DC C:\ProgramData\Oracle
2015-06-14 17:52 - 2015-03-29 07:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-06-14 16:53 - 2015-03-31 16:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Free Download Manager
2015-06-14 16:50 - 2015-04-01 17:37 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieBrowserModeList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieUserList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieSiteList
2015-06-14 16:27 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 16:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\AppReadiness
2015-06-14 15:12 - 2015-03-31 17:13 - 00000000 ___DC C:\Users\Picard\Documents\Calibre-Bibliothek
2015-06-14 14:26 - 2014-03-18 12:03 - 01776918 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-14 14:26 - 2014-03-18 11:25 - 00765582 ____C C:\WINDOWS\system32\perfh007.dat
2015-06-14 14:26 - 2014-03-18 11:25 - 00159366 ____C C:\WINDOWS\system32\perfc007.dat
2015-06-11 11:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 09:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\PolicyDefinitions
2015-06-10 22:26 - 2015-03-29 11:38 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-06-10 22:22 - 2014-08-22 17:42 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-06-10 22:15 - 2014-08-22 17:42 - 140135120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 22:12 - 2012-07-26 07:26 - 00000199 ____C C:\WINDOWS\win.ini
2015-06-09 21:28 - 2015-03-29 11:38 - 00000000 ___DC C:\Users\Picard\AppData\Local\Microsoft Help
2015-06-09 14:47 - 2014-03-18 11:40 - 00000000 ___DC C:\Program Files\Windows Journal
2015-06-08 22:59 - 2015-03-31 17:09 - 00000000 ___DC C:\Program Files\CCleaner
2015-06-08 22:59 - 2015-03-29 07:47 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-06 12:15 - 2014-07-26 21:48 - 00000000 ___DC C:\Users\Picard\AppData\Local\VirtualStore
2015-06-05 12:10 - 2015-03-28 17:38 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-06-05 11:16 - 2015-03-29 07:54 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-05 09:59 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\NDF
2015-06-05 08:52 - 2015-04-09 02:45 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\vlc
2015-06-04 08:37 - 2014-09-08 09:00 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 08:35 - 2015-04-08 12:32 - 00000000 ___DC C:\WINDOWS\system32\appraiser
2015-06-04 08:35 - 2015-03-28 19:42 - 00000000 __SDC C:\WINDOWS\system32\CompatTel
2015-06-03 18:18 - 2015-03-28 19:58 - 00792568 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-03-28 19:58 - 00178168 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 13:12 - 2014-09-08 10:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2015-05-27 09:41 - 2013-08-22 17:36 - 00000000 ___DC C:\Program Files\Common Files\microsoft shared
2015-05-27 09:40 - 2014-03-18 11:40 - 00000000 ___DC C:\WINDOWS\ShellNew
2015-05-27 09:06 - 2015-03-31 12:12 - 00000000 ___DC C:\Program Files (x86)\WinZip
2015-05-27 04:26 - 2015-03-31 17:10 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-26 20:51 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-05-26 20:21 - 2015-03-29 20:54 - 00000000 ___DC C:\Users\Picard\AppData\Local\clear.fi
2015-05-26 20:21 - 2013-03-12 18:59 - 00000000 ___DC C:\Program Files (x86)\Acer
2015-05-26 20:11 - 2014-08-24 11:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2015-05-22 05:54 - 2015-03-28 21:11 - 00003108 ____C C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-05-22 05:54 - 2015-03-28 21:11 - 00000000 __RDC C:\Users\Picard\OneDrive
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\SysWOW64\GWX
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\system32\GWX
2015-05-18 07:15 - 2015-05-01 20:54 - 00003772 ____C C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-18 07:15 - 2015-03-28 20:37 - 00000000 ___DC C:\Users\Picard\AppData\Local\Adobe
2015-05-16 23:50 - 2015-04-11 19:05 - 00000000 ___DC C:\Users\Picard\Documents\My Kindle Content

==================== Files in the root of some directories =======

2014-07-26 20:45 - 2014-07-26 20:45 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl
2015-05-27 10:05 - 2015-05-27 10:05 - 0000094 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Picard\AppData\Local\Temp\k9-webprotection-4.4.276.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\clauth1.dll
C:\Windows\SysWOW64\clauth2.dll
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-15 19:47

==================== End of log ============================
         


Edited by Picard (15.06.2015 at 19:30)

15.06.2015, 19:32   #6
Picard

Firefox 38.0.5 opens automatically at Windows 8.1 startup with the MSN Germany website and a strange URL


2. Addition

Additional FRST logfile:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Picard at 2015-06-15 20:18:06
Running from C:\Users\Picard\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305788995-4209846984-3758418705-500 - Administrator - Disabled)
Picard (S-1-5-21-2305788995-4209846984-3758418705-1001 - Administrator - Enabled) => C:\Users\Picard
Gast (S-1-5-21-2305788995-4209846984-3758418705-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.42.43579 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.42.43579 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1B906F85-EA56-5379-F10B-1BA6530240DC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.5 - Atheros Communications Inc.)
Avaya IP Integration (x32 Version: 1.0.9987.0 - GN Netcom A/S) Hidden
Avaya one-X Integration (x32 Version: 1.0.10041.0 - GN Netcom A/S) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Basic Support (x32 Version: 1.0.9944.0 - GN Netcom A/S) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BIZ 2300 Family (x32 Version: 1.0.9881.0 - GN Netcom A/S) Hidden
BIZ 2400 II (x32 Version: 1.0.9855.0 - GN Netcom A/S) Hidden
BIZ2400_II_CCSetup (x32 Version: 1.0.9722.0 - GN Netcom A/S) Hidden
BIZ2400_LINK280 (x32 Version: 1.0.9672.0 - GN Netcom A/S) Hidden
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadsoft Integration (x32 Version: 1.0.9989.0 - GN Netcom A/S) Hidden
calibre 64bit (HKLM\...\{39CE621D-C455-4054-8824-712AAAE0C60C}) (Version: 2.22.0 - Kovid Goyal)
CallManager (x32 Version: 1.0.9717.0 - GN) Hidden
CAS Info@Click (HKLM-x32\...\InfoClick) (Version: 3.0 - CAS Software AG)
CAS PIA Add-Ins (HKLM-x32\...\{370D68EE-D2B7-42D8-A368-A85A300CDF25}) (Version: 5.0 - CAS Software AG)
CAS Smart Add-on (HKLM-x32\...\{BE3AAA51-EAF6-4BD7-B458-9A3D7306075C}) (Version: 1.0.2 - CAS Software AG)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco IP Communicator Integration (x32 Version: 1.0.9990.0 - GN Netcom A/S) Hidden
Cisco Jabber Integration (x32 Version: 1.0.10028.0 - GN Netcom A/S) Hidden
Cisco UC Integration (x32 Version: 1.0.9992.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9993.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9994.0 - GN Netcom A/S) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.4.51 - Conexant)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
DFUDriverSetupX64Setup (x32 Version: 1.0.10046.0 - GN Netcom A/S) Hidden
DIAL 550 (x32 Version: 1.0.9655.0 - GN Netcom A/S) Hidden
Djvu2Pdf (HKLM\...\Djvu2Pdf) (Version:  - )
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
EVOLVE20_LINKSetup (x32 Version: 1.0.9882.0 - GN Netcom A/S) Hidden
EVOLVE65Setup (x32 Version: 1.0.9673.0 - GN Netcom A/S) Hidden
f.lux (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Flux) (Version:  - )
FirmwareUpdater (x32 Version: 1.0.10046.0 - GN) Hidden
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeFileSync 6.5 (HKLM-x32\...\FreeFileSync) (Version: 6.5 - Zenju)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GN2000 Family (x32 Version: 1.0.9657.0 - GN Netcom A/S) Hidden
GO 6470 (x32 Version: 1.0.9674.0 - GN Netcom A/S) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HANDSET450Setup (x32 Version: 1.0.9659.0 - GN Netcom A/S) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
IBM Sametime Integration (x32 Version: 1.0.10059.0 - GN Netcom A/S) Hidden
IBM SPSS Amos 20 (HKLM-x32\...\{58C50F5A-B7E2-4149-8911-B14CEC825F57}) (Version: 20.0.0 - IBM Corp)
IBM SPSS Statistics 21 (HKLM-x32\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jabra Direct (HKLM-x32\...\{027afb1d-95e4-46ac-94ae-c126fd8c613c}) (Version: 3.0.10078.0 - GN Netcom A/S)
JabraDirect (x32 Version: 3.0.10078.0 - GN Netcom A/S) Hidden
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
JpcsSdkDeviceService (x32 Version: 1.0.9811.0 - GN Netcom A/S) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LINK 265 (x32 Version: 1.0.9879.0 - GN Netcom A/S) Hidden
LINK 30/32/33/41 Setup (x32 Version: 1.0.9732.0 - GN Netcom A/S) Hidden
LINK 360 (x32 Version: 1.0.9948.0 - GN Netcom A/S) Hidden
LINK180aSetup (x32 Version: 1.0.9660.0 - GN Netcom A/S) Hidden
LINK220_220ASetup (x32 Version: 1.0.9675.0 - GN Netcom A/S) Hidden
LINK230_260Setup (x32 Version: 1.0.9880.0 - GN Netcom A/S) Hidden
LINK350Setup (x32 Version: 1.0.9676.0 - GN Netcom A/S) Hidden
LINK850Setup (x32 Version: 1.0.9666.0 - GN Netcom A/S) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Lync Integration (x32 Version: 1.0.9995.0 - GN Netcom A/S) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Maintenance (x32 Version: 10.0.0.0 - GN Netcom A/S) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Motion (x32 Version: 1.0.9681.0 - GN Netcom A/S) Hidden
MOTIONOFFICE (x32 Version: 1.0.9677.0 - GN Netcom A/S) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NEC SP 350 Integration (x32 Version: 1.0.9996.0 - GN Netcom A/S) Hidden
NetDrive2 (HKLM-x32\...\NetDrive2) (Version: 2.5.0.0 - Bdrive Inc.)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Ihr Firmenname)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Opera Mail 1.0 (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version: 15.1s - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PRO 920 and 930 (x32 Version: 1.0.9734.0 - GN Netcom A/S) Hidden
PRO 94X0 Family (x32 Version: 1.0.9668.0 - GN Netcom A/S) Hidden
PRO925_935Setup (x32 Version: 1.0.9678.0 - GN Netcom A/S) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SDK Integration (x32 Version: 1.0.8564.0 - GN Netcom A/S) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shoretel Integration (x32 Version: 1.0.10047.0 - GN Netcom A/S) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Integration (x32 Version: 1.0.9999.0 - GN Netcom A/S) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPEAK 510 Family (x32 Version: 1.0.9679.0 - GN Netcom A/S) Hidden
SPEAK410Setup (x32 Version: 1.0.9636.0 - GN Netcom A/S) Hidden
SPEAK450Setup (x32 Version: 1.0.9637.0 - GN Netcom A/S) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STEALTH Setup (x32 Version: 1.0.9952.0 - GN Netcom A/S) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Supreme (x32 Version: 1.0.9680.0 - GN Netcom A/S) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
UC VOICE A Family (x32 Version: 1.0.9669.0 - GN Netcom A/S) Hidden
UC Voice Family (x32 Version: 1.0.9670.0 - GN Netcom A/S) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Winamp (nur entfernen) (HKLM-x32\...\Winamp) (Version:  - )
WinHTTrack Website Copier 3.48-21 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinWget version 0.20 beta (HKLM-x32\...\WinWget_is1) (Version: 0.20 - WinWget Team)
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.60 - Securax LTD)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Picard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

14-06-2015 20:02:28 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-06-14 23:31 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13C16FCC-A0F9-4D65-A4BE-70FAFDE7C858} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {2114BBA4-AD52-43D3-9AC2-C5978DA9C9F9} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {2C1E71A3-6AB7-4BB8-8E48-DCA2ECCAD2F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {332B73F0-13F2-4FD3-8CD8-027284E21F63} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {3F0DF8EB-0D03-4CEE-8B2B-8DBA7520BA3B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4700B987-B11B-4187-9952-32E5A7056B14} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {515503D6-640E-47F9-8A3A-0E7E7CE2C6EF} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {557E66B3-3894-407D-BBB1-5041E3616645} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {5988A580-7FE2-4C4C-910C-DB38D88536C8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {635F0967-47B2-4EC0-8ABE-787122F9BFEB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {6445E2BB-DCC0-4518-83D9-4CE6FE74F1AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8C87D317-26B4-4675-A93B-ECF9F179F30A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9B21F4D0-BF6C-4FBD-988E-F961C71B255C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {A9D50077-EC97-450F-B62B-153EE4528F04} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AD6F4FB2-9B72-47EF-8C55-846A824909D7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {AF83580F-0ADE-4F0F-9AAB-BCABC0D67426} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D49D2B68-5781-41E4-B6BB-E4E0513B49C4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {E2DDB078-9CF7-4079-83E4-EB8E57F9E819} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {E91D4F9F-838E-4B2F-A7F8-D36C003201A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {E9491759-7664-4A24-A3A6-0B4446B8F165} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {ED63E010-0997-4013-8116-2D1226804981} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-03-29 11:26 - 2008-06-20 00:41 - 00062464 ____C () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-31 15:18 - 2014-03-05 11:18 - 00040448 ____C () C:\WINDOWS\System32\pdf995mon64.dll
2015-03-31 15:01 - 2012-06-21 07:25 - 00113152 ____C () C:\WINDOWS\System32\redmon64.dll
2015-05-26 22:12 - 2015-05-20 19:15 - 00020240 ____C () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-06-14 22:20 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-14 22:20 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-14 22:20 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Control Panel\Desktop\\Wallpaper -> C:\Shared\Anwendungen\Wallpapers\Kleines_Schiff.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Jabra Direct"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{11329D15-BCA5-4C91-AA6D-0A6FB8085916}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{6455D0A8-DC99-4775-BC4E-EA699611F8F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{DC869994-02D5-49B5-9A26-46E7D5F713D5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{01AD020D-3E4E-4A14-9154-E990358F8130}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{2D7C30A0-A7A5-408F-B7F4-8DBA9C2709A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D833FC70-D583-4138-AECF-1EE924098ED3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CFBC7B5D-DAEC-448E-8A63-6541C67C6811}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{B0DB795B-2846-48AA-BACF-BCADDB1DF052}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{A6A64E2B-3E6E-450A-9F69-168559B97464}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BD85B436-C120-42E1-8A68-E34BF682CAAA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0D740EA6-013F-430B-A2A6-29A9E0B3F9E4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{A0F69C6F-08B3-4CF7-AC10-A430CF10A528}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C8F31CA8-9EE8-4491-9747-47A512ABA240}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2907AD28-9C38-4014-B1E4-79A93A36C61F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{CF95C412-5B20-42EA-B1DE-80BC27773112}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0B78C0A5-C366-4523-B856-376030B03B57}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{CDFF2BA1-22E6-4A2F-8EB8-4BB8CB7F9644}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{F826BDB2-4D85-4ED4-A7A4-FA1367019B31}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{1CED0610-C6AB-4CF2-A8DB-6EF66FC54C4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC8B11B0-E2B0-4884-BDD8-A945982E448A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{21D8CCDB-0FDE-4FE1-A831-57CEB179F051}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{13FBB834-E7C7-4C9B-B8B0-B0497590723F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3C1062C6-FF05-4E71-9ADC-3CE378AD770B}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{1F888926-BC8D-4301-BDE6-FEA7B42A5B18}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{DE1F7C9E-24D5-4D3F-85F9-2B9C19AE6C34}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{C1A64706-146E-47CB-84D1-B3BEA1F81AD4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{10CF9880-1926-4AD2-9F0B-42D3CF0D14E0}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{E2AE439A-AF74-467D-A940-DBC780D290E6}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [TCP Query User{37D73434-1781-4B67-A5A5-7ED74C3D7BF3}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [UDP Query User{77A5B468-1A08-4D04-96D5-C15A70FE458C}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [{B158B0F9-359E-49B9-8CAB-281D2AA49E28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E44FD9F2-B490-42B5-997C-90778B894DD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C6AC574-51F9-4BEA-802C-3D563D50A8DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9019FD-7EAD-4204-8D42-C2104BA2BEB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5934C2AE-9EFF-4B37-9E18-C1DE43AE87D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DC1BAA46-7404-4877-9602-7BCCE972C354}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{FDBF3235-E287-40AF-A46A-EEE729D4D738}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{EC6580CF-4356-44AF-8F44-E8CFAFB3F7BF}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{D7B99E07-E678-4ACD-A080-0D2CBE89683E}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{E2C371F6-0FE7-4B1B-A7E7-D7A48C9EF4DC}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{4465FEFE-0503-4212-9672-9F564C5188E2}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{8B28194E-4709-45FE-A3AB-80EA49D57FE0}] => (Allow) C:\MS Office\Office14\outlook.exe
FirewallRules: [TCP Query User{8D375253-646C-4486-903C-CC9F5361E68A}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [UDP Query User{C85F612E-22DF-4FA3-9E05-C4299CC22921}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{8A082332-C8FA-4FC8-B825-6BC7013FD5C7}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{BF6A31F7-B68F-4830-81A9-336987E04A6E}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{410E2ABD-9645-44D4-9C53-43C14CCAE903}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3B5EFD74-7430-4846-82E3-28A939FDD673}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3AF02505-3738-4702-9847-05695B07887B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F7B07F1C-DC42-4A32-AC51-6A98FF555189}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E43923AD-A2E2-457B-B0F1-FDD7F611164D}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CD6C1497-2AB0-4311-8B6E-C173BB9C450E}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CAE65509-114C-4555-AE68-105AF8502B56}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{A1043754-F8E0-46B9-B0BD-9BB629B5ABBA}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{0678C01B-8267-4BCE-A1ED-B18F48848C0B}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
FirewallRules: [{633B4B81-62AF-432E-8A43-4C69A470AB4D}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 06:50:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/15/2015 07:12:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Blue Coat K9 Web Protection" wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 07:12:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 07:12:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 07:12:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dritek RF Button Command Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 07:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NTI IScheduleSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 07:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NetDrive2_Service_NetDrive2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 07:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Mobile Broadband HL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 07:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 07:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Elan Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2015 07:12:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dritek WMI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (06/15/2015 06:50:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-15 19:52:24.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-15 16:40:11.456
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-15 08:24:23.851
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-15 07:55:38.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-15 03:24:49.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-11 10:19:01.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 12:09:24.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 09:08:56.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 09:08:56.630
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 09:08:55.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 20%
Total physical RAM: 5578.27 MB
Available physical RAM: 4415.32 MB
Total Pagefile: 6474.27 MB
Available Pagefile: 5118.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (ENTERPRISE) (Fixed) (Total:681.89 GB) (Free:265.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CC577C9F)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- ---


3. Shortcuts:

Code:
Users shortcut scan result (x64) Version:13-06-2015
Ran by Picard at 2015-06-15 20:19:51
Running from C:\Users\Picard\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk -> C:\Windows\BrowserChoice\html\default.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\FreeFileSync.lnk -> C:\Program Files\FreeFileSync\FreeFileSync.exe (freefilesync.sourceforge.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\RealtimeSync.lnk -> C:\Program Files\FreeFileSync\RealtimeSync.exe (freefilesync.sourceforge.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\TreeSize Free\TreeSize Free (Administrator).lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe (JAM Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\TreeSize Free\TreeSize Free deinstallieren.lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\TreeSize Free\TreeSize Free Hilfe.lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\NetDrive2\NetDrive2.lnk -> C:\Program Files\NetDrive\NetDrive2.exe (Bdrive Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\NetDrive2\Uninstall.lnk -> C:\Program Files\NetDrive\Uninstall.exe (Bdrive Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\EgisTec\MyWinLocker.lnk -> C:\Program Files (x86)\EgisTec MyWinLocker\EgisMgtConsole.exe (Egis Technology Inc. )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Dolby\Dolby Demo.lnk -> C:\Dolby PCEE4\pcee4d.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Dolby\Dolby Profile.lnk -> C:\Dolby PCEE4\pcee4e.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\CyberLink MediaEspresso 6.5\CyberLink MediaEspresso 6.5.lnk -> C:\Program Files (x86)\CyberLink\MediaEspresso\MediaEspresso.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\AMD Quick Stream\AMD Quick Stream.lnk -> C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (AppEx Networks Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer Backup Manager.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe (NTI Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer Device Fast-lane.lnk -> C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneUI.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer Instant Update Utility.lnk -> C:\Program Files\Acer\Acer Instant Service\InstantUpdate\InstantUpdateUtility.exe (Microsoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer Power Button.lnk -> C:\Program Files\Acer\Acer Power Management\ePowerButton.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer Power Management.lnk -> C:\Program Files\Acer\Acer Power Management\ePowerUI.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer Quick Guide.lnk -> C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\00\LaunchPDF.exe (Acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer Recovery Management.lnk -> C:\Program Files\Acer\Acer Recovery Management\eRecoveryUI.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Acer User's Manual.lnk -> C:\OEM\Preload\Autorun\GUI\Acer User's Manual\00\LaunchPDF.exe (Acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\AcerCloud Docs.lnk -> C:\Program Files (x86)\Acer\AcerCloud Docs\AcerCloud Docs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\AcerCloud.lnk -> C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\clear.fi Media.lnk -> C:\Program Files (x86)\Acer\clear.fi Media\ClearfiMedia.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\clear.fi Photo.lnk -> C:\Program Files (x86)\Acer\clear.fi Photo\ClearfiPhoto.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Identity Card.lnk -> C:\Program Files (x86)\Acer\Identity Card\IDCard.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\Acer\Live Updater.lnk -> C:\Program Files (x86)\Acer\Live Updater\updater.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Flux\Flux.lnk -> C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Flux\Uninstall.lnk -> C:\Users\Picard\AppData\Local\FluxSoftware\Flux\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Classic Shell\Classic Explorer Settings.lnk -> C:\Program Files\Classic Shell\ClassicExplorerSettings.exe (IvoSoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Classic Shell\Classic IE Settings.lnk -> C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Classic Shell\Classic Shell Help.lnk -> C:\Program Files\Classic Shell\ClassicShell.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Classic Shell\Classic Shell Readme.lnk -> C:\Program Files\Classic Shell\ClassicShellReadme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Classic Shell\Classic Shell Update.lnk -> C:\Program Files\Classic Shell\ClassicShellUpdate.exe (IvoSoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware  entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware  Notifications.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Blue Coat K9 Web Protection\Uninstall Blue Coat K9 Web Protection.lnk -> C:\Program Files\Blue Coat K9 Web Protection\uninst.exe (Blue Coat Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\Winamp\Chronik.lnk -> C:\Program Files (x86)\Winamp\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\Winamp\Winamp entfernen.lnk -> C:\Program Files (x86)\Winamp\deinstwa.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\Winamp\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\NTI Media Maker 9\NTI Media Maker 9.lnk -> C:\Program Files (x86)\NTI\NTI Media Maker 9\LauncherLoader.exe (NTI Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\iTunes\Über iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\de.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\About IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_about.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\Available Languages.lnk -> C:\Program Files (x86)\IrfanView\i_languages.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\Available PlugIns.lnk -> C:\Program Files (x86)\IrfanView\i_plugins.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\Command line Options.lnk -> C:\Program Files (x86)\IrfanView\i_options.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\IrfanView 4.38.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\IrfanView Help.lnk -> C:\Program Files (x86)\IrfanView\i_view32.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\What's New.lnk -> C:\Program Files (x86)\IrfanView\i_changes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\Djvu2Pdf\Uninstall.lnk -> C:\Program Files (x86)\PD4ML\Djvu2Pdf\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\calibre 64bit - E-book Management\calibre 64bit - E-book management.lnk -> C:\Program Files\Calibre2\calibre.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\calibre 64bit - E-book Management\E-book viewer 64bit.lnk -> C:\Program Files\Calibre2\ebook-viewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\calibre 64bit - E-book Management\Edit E-book 64bit.lnk -> C:\Program Files\Calibre2\ebook-edit.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\calibre 64bit - E-book Management\LRF viewer 64bit.lnk -> C:\Program Files\Calibre2\lrfviewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\Amazon\Amazon Kindle\Kindle.lnk -> C:\Users\Picard

\AppData\Local\Amazon\Kindle\application\Kindle.exe (Amazon.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\Amazon\Amazon Kindle\Uninstall Kindle.lnk -> C:\Users

\Picard\AppData\Local\Amazon\Kindle\application\uninstall.exe (Amazon.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Opera  Mail.lnk -> C:\Users\Picard\AppData\Local\Opera Mail\operamail.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinWget\WinWget.lnk -> C:\Program Files (x86)\WinWget\WinWget.exe (WinWget Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinHTTrack\Documentation.lnk -> C:\Program Files (x86)\WinHTTrack\httrack-doc.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinHTTrack\WinHTTrack Website Copier.lnk -> C:\Program Files (x86)\WinHTTrack\WinHTTrack.exe (HTTrack)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Skype\Skype für den Desktop.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Free Download Manager\Documentation.lnk -> C:\Program Files (x86)\Free Download Manager\Help\Free Download Manager.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Free Download Manager\FDM remote control server.lnk -> C:\Program Files (x86)\Free Download Manager\fdmwi.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Free Download Manager\Free Download Manager on the Web.lnk -> C:\Program Files (x86)\Free Download Manager\fdm.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Free Download Manager\Free Download Manager.lnk -> C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Free Download Manager\Uninstall Free Download Manager.lnk -> C:\Program Files (x86)\Free Download Manager\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Adobe Bridge CS6 (64bit).lnk -> C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Adobe Bridge CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Adobe ExtendScript Toolkit CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Adobe Extension Manager CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Adobe Photoshop CS6 (64 Bit).lnk -> C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Adobe Photoshop CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\TeamViewer 10.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinZip\Help Manual.lnk -> C:\Program Files (x86)\WinZip\WINZIP.HLP ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinZip\ReadMe.txt.lnk -> C:\Program Files (x86)\WinZip\README.TXT ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinZip\What's New.lnk -> C:\Program Files (x86)\WinZip\WHATSNEW.TXT ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinZip\WinZip 8.1 .lnk -> C:\Program Files (x86)\WinZip\WINZIP32.EXE (WinZip Computing, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Software995\Pdf995 Readme.lnk -> C:\Program Files (x86)\pdf995\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\PDF-XChange PDF Viewer\PDF-Viewer License.lnk -> C:\Program Files\Tracker Software\PDF Viewer\Help\PDFVLicense.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\PDF-XChange PDF Viewer\PDF-Viewer Users Manual.lnk -> C:\Program Files\Tracker Software\PDF Viewer\Help\PDFVManualSm.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\PDF-XChange PDF Viewer\PDF-Viewer.lnk -> C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe (Tracker Software Products (Canada) Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\PDF-XChange PDF Viewer\Tracker Updater.lnk -> C:\Program Files\Tracker Software\Update\TrackerUpdate.exe (Tracker Software Products (Canada) Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\PDF-XChange PDF Viewer\Uninstall.lnk -> C:\Program Files\Tracker Software\PDF Viewer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Office 2010-Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010-Spracheinstellungen.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Statistics 21.lnk -> C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe (IBM Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\Amos Graphics.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\AmosGraphicsCLI.exe (Amos Development Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\File Manager.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\AmosFileManagerCLI.exe (Amos Development Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\Language.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\SelectLanguage.exe (_)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\Program Editor.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\ProgramEditorCLI.exe (Amos Development Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\Seed Manager.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\SeedManagerCLI.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\Text Output.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\AppViewerCLI.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\User-Defined Estimands.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\UserFunctionEditor.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\View Data.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\DataViewerCLI.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Ghostscript\Ghostscript Readme 9.07.LNK -> C:\Program Files\gs\gs9.07\doc\Readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Ghostscript\Uninstall Ghostscript 9.07.LNK -> C:\Program Files\gs\gs9.07\uninstgs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\FreePDF\FreePDF Assistant.lnk -> C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\FreePDF\FreePDF Config.lnk -> C:\Program Files (x86)\FreePDF_XP\fpucnfg.exe (.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\FreePDF\FreePDF Handbuch (de).lnk -> C:\Program Files (x86)\FreePDF_XP\FreePDFde.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\FreePDF\FreePDF Join.lnk -> C:\Program Files (x86)\FreePDF_XP\fpjoin.exe (shbox.de)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\FreePDF\FreePDF Manual (en).lnk -> C:\Program Files (x86)\FreePDF_XP\FreePDFen.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\FreePDF\FreePDF.lnk -> C:\Program Files (x86)\FreePDF_XP\freepdf.exe (shbox)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\ZoiPer\Uninstall Zoiper for einfachVoIP.de.lnk -> C:\Program Files (x86)\Zoiper\Uninstall.exe (Securax LTD)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\ZoiPer\Zoiper.lnk -> C:\Program Files (x86)\Zoiper\Zoiper.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\Jabra\Direct\Jabra Direct Firmware Updater.lnk -> C:\Program Files (x86)\Jabra\Direct\FWU\JabraFwUpdater.exe (GN Netcom A/S)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\Jabra\Direct\Jabra Direct.lnk -> C:\Program Files (x86)\Jabra\Direct\JabraDirect.exe (GN Netcom A/S)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\CAS Info@Click\CAS Info@Click.lnk -> C:\Program Files (x86)\CAS-PIA\InfoClick\InfoClick.exe (CAS Software AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\CAS Info@Click\Uninstall Info@Click.lnk -> C:\Program Files (x86)\CAS-PIA\InfoClick\icUninstall.exe (CAS Software AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Picard\Links\Desktop.lnk -> C:\Users\Picard\Desktop ()
Shortcut: C:\Users\Picard\Links\Downloads.lnk -> C:\Users\Picard\Downloads ()
Shortcut: C:\Users\Picard\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Classic Shell.LNK -> C:\Program Files\Classic Shell ()
Shortcut: C:\Users\Picard\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\ClassicShellReadme.rtf.LNK -> C:\Program Files\Classic Shell\ClassicShellReadme.rtf ()
Shortcut: C:\Users\Picard\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EUROTOOL.XLA.LNK -> C:\Program Files (x86)\Microsoft Office\OFFICE11\Makro\EUROTOOL.XLA (No File)
Shortcut: C:\Users\Picard\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Makro.LNK -> C:\Program Files (x86)\Microsoft Office\OFFICE11\Makro (No File)
Shortcut: C:\Users\Picard\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Vorlagen.LNK -> C:\Users\Picard\AppData\Roaming\Microsoft\Vorlagen ()
Shortcut: C:\Users\Picard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zoiper.lnk -> C:\Program Files (x86)\Zoiper\Zoiper.exe ()
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Picard\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Picard\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\TreeSize Free\TreeSize Free.lnk -> C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe (JAM Software) -> /NOADMIN
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\EgisTec\Shredder.lnk -> C:\Program Files (x86)\EgisTec Shredder\x86\ShredConsole.exe (Egis Technology Inc.) -> -s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Hersteller\CyberLink MediaEspresso 6.5\MediaEspresso Gadget.lnk -> C:\Program Files (x86)\CyberLink\MediaEspresso\MediaEspresso.exe (CyberLink Corp.) -> gadget
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Classic Shell\Classic Start Menu Settings.lnk -> C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft) -> -settings
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) ->  /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\HitmanPro\HitmanPro 3.7 entfernen.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\Blue Coat K9 Web Protection\Blue Coat K9 Web Protection Admin.lnk -> C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.) -> admin
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\IrfanView\IrfanView - Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinHTTrack\copying.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Program Files (x86)\WinHTTrack\copying
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinHTTrack\greetings.txt.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Program Files (x86)\WinHTTrack\greetings.txt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinHTTrack\history.txt.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Program Files (x86)\WinHTTrack\history.txt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinHTTrack\license.txt.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Program Files (x86)\WinHTTrack\license.txt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\WinHTTrack\readme.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Program Files (x86)\WinHTTrack\readme
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Adobe Application Manager.lnk -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe (Adobe Systems Incorporated) -> --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\WinZip\Uninstall WinZip.lnk -> C:\Program Files (x86)\WinZip\WINZIP32.EXE (WinZip Computing, Inc.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Statistics 21 Lizenzautorisierungsassistent.lnk -> C:\Program Files (x86)\IBM\SPSS\Statistics\21\law.exe (IBM Corp.) -> -is:javahome "C:\Program Files (x86)\IBM\SPSS\Statistics\21\JRE" -s:silent
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\IBM SPSS Statistics\IBM SPSS Amos 20\Amos 20 License Authorization Wizard.lnk -> C:\Program Files (x86)\IBM\SPSS\Amos\20\law.exe (SPSS) -> -is:javahome C:\Program Files (x86)\IBM\SPSS\Amos\20\\JRE -is:silent
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Ghostscript\Ghostscript 9.07.LNK -> C:\Program Files\gs\gs9.07\bin\gswin64.exe () -> "-IC:\Program Files\gs\gs9.07\lib;C:\Program Files\gs\gs9.07\..\fonts"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f7e09072-97f0-4a02-aed3-11596824598d}\PlayTasks\0\Delicious Emily's True Love Premium Edition.lnk -> C:\Program Files (x86)\WildGames\Delicious Emilys True Love Premium Edition\GHDeliciousEmilysTrueLovePremium-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f405496e-4cd5-4891-a8bc-3e58bd47b25c}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\WildGames\Penguins!\Penguins-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e7ba0ac0-94a2-4b33-ac4a-125fc2e1127a}\PlayTasks\0\Island 

Tribe.lnk -> C:\Program Files (x86)\WildGames\Island Tribe\islandtribe-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ca9f0082-7f3d-4f78-b4e6-592c73461b8c}\PlayTasks\0\Tales of 

Lagoona.lnk -> C:\Program Files (x86)\WildGames\Tales of Lagoona\Tales of Lagoona-WT.exe (WildTangent, Inc.) -> /launchgc /src 

gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b87f2bde-5d44-4e86-bd37-a71616b35ea6}\PlayTasks\0\Bejeweled 

3.lnk -> C:\Program Files (x86)\WildGames\Bejeweled 3\bejeweled3-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks

\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\provider.exe (WildTangent) -> 

/id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{951226E3-26FC-40BC-8085-3677B1128F59}\PlayTasks\0\Polar 

Bowler.lnk -> C:\Program Files (x86)\WildGames\Polar Bowler\Polar-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5efc38bb-2dab-4442-8e97-38975fa121af}\PlayTasks\0\Magic 

Academy.lnk -> C:\Program Files (x86)\WildGames\Magic Academy\Magic Academy-WT.exe (WildTangent, Inc.) -> /launchgc /src 

gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. 

Zombies - Game of the Year.lnk -> C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe 

(WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{471351f0-4e8a-47bf-a6b3-3de3c99ae340}\PlayTasks\0\Jewel 

Match 3.lnk -> C:\Program Files (x86)\WildGames\Jewel Match 3\jewelmatch3-WT.exe (WildTangent, Inc.) -> /launchgc /src 

gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3edea465-61b0-4949-97e6-2cdc82169b9f}\PlayTasks\0\John Deere 

Drive Green.lnk -> C:\Program Files (x86)\WildGames\John Deere Drive Green\DriveGreen1-WT.exe (WildTangent, Inc.) -> /launchgc 

/src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1447c6c0-8a7b-4b3f-a3b2-cbc9cb3ff16d}\PlayTasks\0\Aloha 

TriPeaks.lnk -> C:\Program Files (x86)\WildGames\Aloha TriPeaks\alohatripeaks-WT.exe (WildTangent, Inc.) -> /launchgc /src 

gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{11df15ff-f066-4c33-ac85-8738689543f5}\PlayTasks\0\Governor 

of Poker 2 Premium Edition.lnk -> C:\Program Files (x86)\WildGames\Governor of Poker 2 Premium Edition

\GovernorofPoker2_PE_WildTangent_v1.5-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0f8ade68-df58-4eae-a24a-e238d634bf55}\PlayTasks\0\Agatha 

Christie - Death on the Nile.lnk -> C:\Program Files (x86)\WildGames\Agatha Christie - Death on the Nile\Agatha Christie - Death 

on the Nile-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0334682e-f04f-4f03-8b56-d518fdcb7661}\PlayTasks\0\Zuma's 

Revenge.lnk -> C:\Program Files (x86)\WildGames\Zumas Revenge\Zuma's Revenge-WT.exe (WildTangent, Inc.) -> /launchgc /src 

gameexplorer
ShortcutWithArgument: C:\Users\Picard\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe 

(Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Picard\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone

\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Picard\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files 

(x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Picard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\MS 

Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows

\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe 

(Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe 

(Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows

\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows

\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Picard\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe 

(Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe 

(Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files 

(x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows

\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows

\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe 

(Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe 

(Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows

\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows

\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe 

(Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit\CCleaner\CCleaner Homepage.url -> 

hxxp://www.piriform.com/ccleaner
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\calibre 64bit - E-book Management\Get Involved.url 

-> hxxp://calibre-ebook.com/get-involved
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia\calibre 64bit - E-book Management\User Manual.url -> 

hxxp://manual.calibre-ebook.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro\Designworkers\ZoiPer\Zoiper Web Page.url -> 

hxxp://www.zoiper.com
InternetURL: C:\Users\Picard\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Picard\Favorites\Links\Acer Zubehör Shop.url -> hxxp://go.acer.com/?id=14169
InternetURL: C:\Users\Picard\Favorites\Acer\eBay.url -> hxxp://rover.ebay.com/rover/1/707-67567-24801-3/4

==================== End of log =============================
         
Any helpful pointers? I searched for MSN myself but found nothing. Maybe a redirect from another Microsoft URL?

Thank you for your effort in screening all of this!

15.06.2015, 20:28   #7
Warlord711
/// TB-Ausbilder

MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype?ocid=wispr

The ?ocid=blablabla is an OEM start page from the manufacturer, in this case 99% Acer.

Here is a question from an HP customer in the MS forum:

What is the /?ocid=oie9hp mean after www.msn.com for my - Microsoft Community

Since there is no autostart entry that calls this URL, I'm 99% sure it is this task here:

Quote:
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()


Let's delete the task; if need be, the Acer Instant Service can be repaired or reinstalled.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Then do a restart and see whether Firefox still starts automatically.

16.06.2015, 06:30   #8
Picard


Hi! Thanks for being "nocturnal" too.

Here is the Fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Picard at 2015-06-15 21:37:14 Run:1
Running from C:\Users\Picard\Desktop
Loaded Profiles: Picard (Available Profiles: Picard)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02}" => key removed successfully
C:\Windows\System32\Tasks\iuBrowserIEAgent => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iuBrowserIEAgent" => key removed successfully
EmptyTemp: => 94.1 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 21:37:37 ====
         
But the FF autostart still persists after the restart.
This time, however, K9-Webprotection prevented the page from opening.
The page was opened automatically at Windows start as an additional tab next to the Trojaner-Board website. So it is always opened automatically, at every restart, without my initiating it, wanting it or having configured it. But it has only been like this for 1-2 days.
The following URL was shown in the FF address bar:

h t t p : / / g o .m i c r o s o f t . c o m / f w l i n k / ? L i n k I D = 2 1 9 4 7 2 & c l c i d = 0 x 4 0 9

If I remember correctly, it was also shown in one of the logs above, wasn't it?
Could there be a connection?

/EDIT:
Yes and no, the Shortcuts log listed the following URL (in its last lines):

InternetURL: C:\Users\Picard\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

Very similar, but not the same. Do you have any ideas?

What happens when you open the URL in question? You are welcome to post a screenshot too. If you would rather not open it as a precaution, I understand that as well.

In any case, I will have Windows Defender run a full scan overnight. Unfortunately that always takes so long. But it will be finished by tomorrow.

Unfortunately, Windows Defender did not find anything either.

Maybe it really is the case that some installation or recovery (on the OEM side or from other recently installed software) stored this MSN Deutschland URL somewhere. But why does FF start automatically? I have already reset FF as well - that did not help either.

Last edited by Picard (15.06.2015 at 20:52)
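
Added example (not part of the thread and not FRST's own code): a Python check that parses the `Task:` line from the Fixlist and the result lines of the Fixlog quoted above, and confirms that every artifact of the scheduled task was handled: the `TaskCache\Tasks\{GUID}` key, the `TaskCache\Tree\<name>` key and the task file. The function names, the regular expressions and the assumption that Windows is installed in `C:\Windows` are mine; the sample lines are copied from the posts above.

```python
import re

# Both samples are copied from the Fixlist and the Fixlog posted in this thread.
FIXLIST_TASK = (
    r"Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent"
    r" => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe"
    r" [2012-08-23] ()"
)
FIXLOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02}" => key removed successfully
C:\Windows\System32\Tasks\iuBrowserIEAgent => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iuBrowserIEAgent" => key removed successfully
EmptyTemp: => 94.1 MB temporary data Removed.
'''

TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
WINDOWS_DIR = r"C:\Windows"  # assumption: default Windows directory, as in the Fixlog
# Sub-keys of TaskCache that index a task by the kind of trigger it has.
TRIGGER_INDEXES = ("Boot", "Logon", "Plain", "Maintenance")

# Task: {GUID} - <task file> => <target> [date] (company)
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<task_file>\S.*?) => "
    r"(?P<target>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<company>[^()]*)\))?$"
)
# "<registry key>" => <result>   or   <file path> => <result>.
FIXLOG_RE = re.compile(r'^"?(?P<item>.+?)"? => (?P<result>.+?)\.?$')


def parse_task_line(line):
    """Split one FRST 'Task:' line into its fields."""
    m = TASK_RE.match(line.strip())
    if m is None:
        raise ValueError("not a FRST Task line: %r" % line)
    task = m.groupdict()
    prefix = "System32\\Tasks\\"
    # The name under TaskCache\Tree is the path relative to System32\Tasks.
    task["name"] = (task["task_file"][len(prefix):]
                    if task["task_file"].startswith(prefix) else task["task_file"])
    task["company"] = task["company"] or ""
    return task


def parse_fixlog(text):
    """Map each handled item (lower-cased, paths are case-insensitive) to its result."""
    results = {}
    for line in text.splitlines():
        m = FIXLOG_RE.match(line.strip())
        if m:
            results[m.group("item").lower()] = m.group("result").lower()
    return results


def check_task_removal(task_line, fixlog_text):
    """Report which artifacts of the task the Fixlog confirms as removed."""
    task = parse_task_line(task_line)
    results = parse_fixlog(fixlog_text)
    expected = [
        TASKCACHE + "\\Tasks\\" + task["guid"],      # task definition
        TASKCACHE + "\\Tree\\" + task["name"],       # name -> GUID mapping
        WINDOWS_DIR + "\\" + task["task_file"],      # XML task file on disk
    ]
    leftovers = [p for p in expected
                 if "successfully" not in results.get(p.lower(), "")]
    # Which trigger index listed the GUID tells us when the task fired.
    triggers = [idx for idx in TRIGGER_INDEXES
                if (TASKCACHE + "\\" + idx + "\\" + task["guid"]).lower() in results]
    return {
        "name": task["name"],
        "target": task["target"],
        "company": task["company"],   # empty: the file carries no company name
        "triggers": triggers,
        "leftovers": leftovers,       # empty list: every artifact was handled
    }


if __name__ == "__main__":
    report = check_task_removal(FIXLIST_TASK, FIXLOG)
    for field, value in report.items():
        print("%-10s %s" % (field, value))
```

For this thread's logs the report shows a `Logon` trigger and no leftovers, so the task itself was fully removed and the persisting autostart has to come from somewhere else.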

16.06.2015, 09:49   #9
Warlord711
/// TB-Ausbilder


Please run another FRST scan, but untick all the boxes under "Whitelist".

16.06.2015, 10:10   #10
Picard


I did that with admin rights.

FRST log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Picard (administrator) on ENTERPRISE on 16-06-2015 11:01:42
Running from C:\Users\Picard\Desktop
Loaded Profiles: Picard (Available Profiles: Picard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (All) =========================

(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\taskhostex.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\Program Files\NetDrive\nd2svc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Flux Software LLC) C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Picard\Desktop\FRST64.exe

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\MS Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct\JabraDirect.exe [918016 2015-03-17] (GN Netcom A/S)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26112 2014-10-29] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [22528 2014-10-29] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2501368 2015-01-28] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2207488 2015-01-28] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [f.lux] => C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Policies\system: [DisableRegistryTools] 0
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Policies\system: [DisableTaskMgr] 0
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda14533-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe" 
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda1453a-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe" 
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
AlternateShell: cmd.exe

==================== Internet (All) ===========================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.google.com
URLSearchHook: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {045ADA50-4597-4A09-9AF5-EE389F7EF7A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {045ADA50-4597-4A09-9AF5-EE389F7EF7A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 -> {045ADA50-4597-4A09-9AF5-EE389F7EF7A6} URL = 
SearchScopes: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\MS Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-02-24] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - &CAS Info@Click - {69128F97-9C35-4881-9ED4-5A23A97A2E3D} - C:\Program Files (x86)\CAS-PIA\InfoClick\icDeskBar.dll [2014-06-03] (CAS Software AG)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2015-05-22] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2015-05-23] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2014-10-29] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2014-10-29] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-05-22] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-05-23] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-05-22] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-05-23] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll [2005-09-20] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll [2005-09-20] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll [2005-09-20] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll [2005-09-20] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2014-10-29] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2014-10-29] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-05-22] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-05-23] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2015-05-22] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2015-05-23] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-05-22] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-05-23] (Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll [2012-11-10] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2014-10-29] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2014-10-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll [2005-09-20] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll [2005-09-20] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2014-10-29] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2014-10-29] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-05-27] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-05-27] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2010-02-28] (Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2012-10-31] (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\MS Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [69120 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [88576 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [88576 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\NLAapi.dll [86016 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [30720 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [63488 2015-03-28] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [339456 2015-03-28] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @cas.de/InfoClick -> C:\Program Files (x86)\CAS-PIA\InfoClick\npInfoClick.dll [2014-06-03] (CAS Software AG)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\MSOFFI~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\MSOFFI~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-12-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2305788995-4209846984-3758418705-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml [2015-03-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bing.xml [2015-04-04]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml [2015-03-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml [2015-03-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml [2015-03-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml [2015-03-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml [2015-03-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml [2015-03-28]
FF Extension: Adblock Plus - C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-14]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015-06-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-03-31]
FF HKLM-x32\...\Mozilla Firefox 38.0.5\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 38.0.5\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\plugins [2015-06-04]
FF HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1
FF Extension: Free Download Manager plugin - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1 [2015-04-11]
FF HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Mozilla Firefox 38.0.5\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components
FF HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Mozilla Firefox 38.0.5\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\channel-prefs.js [2015-06-04]

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001) OperaMail - "C:\Users\Picard\AppData\Local\Opera Mail\OperaMail.exe"

==================== Services (All) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-05-18] (Adobe Systems Incorporated)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [214528 2014-10-29] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [96768 2014-10-29] (Microsoft Corporation)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2013-08-31] (AMD)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [39424 2014-10-29] (Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [110080 2014-10-29] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [562688 2014-10-29] (Microsoft Corporation)
S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1348096 2014-10-29] (Microsoft Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [229888 2014-12-06] (Microsoft Corporation)
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [911360 2014-10-29] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [111104 2014-10-29] (Microsoft Corporation)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [348672 2014-10-29] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [845312 2014-11-10] (Microsoft Corporation)
S3 BITS; C:\Windows\System32\qmgr.dll [933376 2014-10-29] (Microsoft Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [270336 2014-10-29] (Microsoft Corporation)
R3 Browser; C:\Windows\System32\browser.dll [135168 2014-10-29] (Microsoft Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R3 bthserv; C:\Windows\system32\bthserv.dll [94720 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [156160 2014-10-29] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [131584 2014-10-29] (Microsoft Corporation)
R2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [206552 2013-07-25] (Conexant Systems Inc.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [817664 2014-10-29] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [524288 2014-10-29] (Microsoft Corporation)
S3 DeviceAssociationService; C:\Windows\system32\das.dll [407040 2014-10-29] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [116736 2014-10-29] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [365056 2014-10-29] (Microsoft Corporation)
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [292864 2014-10-29] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1430528 2015-05-25] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [252416 2014-11-05] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2014-10-29] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [174080 2014-10-29] (Microsoft Corporation)
R2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [348784 2012-08-21] (Dritek System Inc.)
S3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [206848 2014-10-29] (Microsoft Corporation)
S3 Eaphost; C:\Windows\System32\eapsvc.dll [110592 2014-10-29] (Microsoft Corporation)
S3 EFS; C:\Windows\system32\efssvc.dll [41472 2014-10-29] (Microsoft Corporation)
S3 EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [174160 2012-07-12] (Egis Technology Inc. )
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 EventLog; C:\Windows\System32\wevtsvc.dll [1696256 2015-03-06] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [516608 2014-10-29] (Microsoft Corporation)
R2 EventSystem; C:\Windows\SysWOW64\es.dll [367616 2014-10-29] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-10-29] (Microsoft Corporation)
S3 fdPHost; C:\Windows\system32\fdPHost.dll [22016 2014-10-29] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2014-10-29] (Microsoft Corporation)
S3 fhsvc; C:\Windows\system32\fhsvc.dll [121856 2014-10-29] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [655624 2014-07-26] (Acresso Software Inc.)
R2 FontCache; C:\Windows\system32\FntCache.dll [1387008 2015-04-10] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2013-08-03] (Microsoft Corporation)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
S2 gpsvc; C:\Windows\System32\gpsvc.dll [1360896 2014-10-29] (Microsoft Corporation)
R3 hidserv; C:\Windows\system32\hidserv.dll [33792 2014-10-29] (Microsoft Corporation)
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [30720 2014-10-29] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-14] (SurfRight B.V.)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [101376 2014-10-29] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [275968 2014-10-29] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [445952 2014-10-29] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [366080 2014-10-29] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-10-31] (Microsoft Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [1084416 2014-11-10] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [926208 2014-10-29] (Microsoft Corporation)
S3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [643880 2015-02-13] (Apple Inc.)
R3 KeyIso; C:\Windows\system32\keyiso.dll [62464 2014-10-29] (Microsoft Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [46592 2014-10-29] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [373248 2014-10-29] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [329216 2014-10-29] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [289280 2014-10-29] (Microsoft Corporation)
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [521728 2014-10-29] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [367104 2014-10-29] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [279040 2014-10-29] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2014-10-29] (Microsoft Corporation)
R2 LSM; C:\Windows\System32\lsm.dll [780800 2015-02-21] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; C:\MS Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
S2 MMCSS; C:\Windows\system32\mmcss.dll [71168 2014-10-29] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-06-04] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [880640 2014-10-29] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-10-29] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2014-10-29] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [64512 2014-10-29] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2014-10-29] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [446464 2014-10-29] (Microsoft Corporation)
S3 NcaSvc; C:\Windows\System32\ncasvc.dll [166400 2014-10-29] (Microsoft Corporation)
R3 NcbService; C:\Windows\System32\ncbservice.dll [154112 2014-10-29] (Microsoft Corporation)
S3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [74752 2014-10-29] (Microsoft Corporation)
R2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive\nd2svc.exe [638008 2015-06-05] ()
S3 Netlogon; C:\Windows\system32\netlogon.dll [838656 2014-10-29] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [695296 2014-10-29] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [266752 2014-10-29] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofmsvc.dll [550912 2014-10-29] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-08-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [391680 2014-12-06] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [28672 2014-10-29] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
R3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4925184 2010-01-09] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-10-29] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [440832 2014-10-29] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [474112 2014-10-29] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1526784 2014-10-29] (Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1534464 2014-10-29] (Microsoft Corporation)
R3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [116736 2014-10-29] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [26624 2014-10-29] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-10-29] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [397312 2014-10-29] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [80384 2014-10-29] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2898432 2014-07-24] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [225280 2014-12-09] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [303104 2014-10-29] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [102912 2014-10-29] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [542208 2014-10-29] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [226816 2014-10-29] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [183296 2014-10-29] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [166400 2014-10-29] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2014-07-26] (Dritek System INC.)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [80896 2014-10-29] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-10-29] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [817664 2014-10-29] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [47024 2014-10-29] (Microsoft Corporation)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [194048 2014-10-29] (Microsoft Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-10-29] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1265152 2014-10-29] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [156160 2014-10-29] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 seclogon; C:\Windows\system32\seclogon.dll [31744 2014-10-29] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [73728 2014-10-29] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [243200 2014-10-29] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [339968 2014-10-29] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [296448 2014-10-29] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [452608 2014-10-29] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [640000 2014-10-29] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [576512 2014-10-29] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 smphost; C:\Windows\System32\smphost.dll [13312 2014-10-29] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2014-10-29] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-10-29] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-04] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [6353960 2014-03-18] (Microsoft Corporation)
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [249344 2014-10-29] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [142848 2014-10-29] (Microsoft Corporation)
S3 stisvc; C:\Windows\System32\wiaservc.dll [670720 2014-10-29] (Microsoft Corporation)
S3 StorSvc; C:\Windows\system32\storsvc.dll [20480 2014-10-29] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [17920 2014-10-29] (Microsoft Corporation)
S3 svsvc; C:\Windows\system32\svsvc.dll [13312 2014-10-29] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [706048 2014-10-29] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1217024 2014-10-29] (Microsoft Corporation)
R2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [294912 2014-10-29] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [154624 2014-10-29] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [313344 2014-10-29] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [254464 2014-10-29] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 TermService; C:\Windows\System32\termsrv.dll [1114624 2014-10-29] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-10-29] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [71168 2014-10-29] (Microsoft Corporation)
R3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [262656 2014-10-29] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [124416 2014-10-29] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [106496 2014-10-29] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-10-29] (Microsoft Corporation)
S3 UmRdpService; C:\Windows\System32\umrdp.dll [300032 2014-10-29] (Microsoft Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [457728 2014-10-29] (Microsoft Corporation)
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [331776 2014-10-29] (Microsoft Corporation)
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [260608 2014-10-29] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [1313792 2014-10-29] (Microsoft Corporation)
S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicshutdown; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmictimesync; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1454080 2014-10-21] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [411648 2014-10-29] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1571328 2014-10-29] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [465920 2014-10-29] (Microsoft Corporation)
R2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [374784 2014-10-29] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [465920 2014-10-29] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43520 2014-10-29] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [34304 2014-10-29] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [95744 2014-10-29] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-10-29] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [95744 2014-10-29] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-10-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [229376 2014-10-29] (Microsoft Corporation)
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [199168 2014-10-29] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [209408 2014-10-29] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [26112 2014-10-29] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2014-10-29] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [108544 2014-10-29] (Microsoft Corporation)
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [67584 2014-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [802816 2014-10-29] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [631808 2014-10-29] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [230400 2014-10-29] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2608640 2014-10-29] (Microsoft Corporation)
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2170368 2014-10-29] (Microsoft Corporation)
R2 WlanSvc; C:\Windows\System32\wlansvc.dll [1547264 2014-10-29] (Microsoft Corporation)
S3 wlidsvc; C:\Windows\system32\wlidsvc.dll [1639424 2014-10-29] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [201728 2014-10-29] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1478144 2014-10-29] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1668096 2014-10-29] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2014-10-29] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10240 2014-10-29] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86528 2014-10-29] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [146944 2014-10-29] (Microsoft Corporation)
S4 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2015-04-01] (Microsoft Corporation)
S4 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2015-04-01] (Microsoft Corporation)
S3 WSService; C:\Windows\System32\WSService.dll [3460472 2014-10-29] (Microsoft Corporation)
S2 wuauserv; C:\WINDOWS\system32\wuaueng.dll [3682304 2015-05-15] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [104960 2014-10-29] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [513536 2014-10-29] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (All) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [231424 2013-08-22] (Microsoft Corporation)
S0 3ware; C:\Windows\System32\drivers\3ware.sys [108896 2013-08-22] (LSI)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [533824 2014-10-07] (Microsoft Corporation)
R0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [79712 2013-08-22] (Microsoft Corporation)
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2013-08-22] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation)
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2013-08-22] (Microsoft Corporation)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R1 AFD; C:\Windows\system32\drivers\afd.sys [563200 2014-08-24] (Microsoft Corporation)
S0 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] (Microsoft Corporation)
R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [80384 2015-03-20] (Microsoft Corporation)
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation)
R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [12528640 2013-08-31] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [618496 2013-08-31] (Advanced Micro Devices, Inc.)
R3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation)
S0 amdsata; C:\Windows\System32\drivers\amdsata.sys [79200 2013-08-22] (Advanced Micro Devices)
S0 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259424 2013-08-22] (AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [25952 2013-08-22] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [82944 2014-10-29] (Microsoft Corporation)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
S0 arcsas; C:\Windows\System32\drivers\arcsas.sys [114016 2013-08-22] (PMC-Sierra, Inc.)
S0 atapi; C:\Windows\System32\drivers\atapi.sys [26464 2013-08-22] (Microsoft Corporation)
R3 AthBTPort; C:\Windows\system32\DRIVERS\btath_flt.sys [89800 2013-09-07] (Qualcomm Atheros)
R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3915264 2013-08-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
R1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [50688 2013-08-22] (Microsoft Corporation)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33280 2014-03-18] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [35168 2013-08-22] (Microsoft Corporation)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [7680 2013-08-22] (Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [102912 2013-08-22] (Microsoft Corporation)
R3 BTATH_A2DP; C:\Windows\system32\drivers\btath_a2dp.sys [338120 2013-09-07] (Qualcomm Atheros)
R3 btath_avdt; C:\Windows\system32\drivers\btath_avdt.sys [116424 2013-09-07] (Qualcomm Atheros)
R3 BTATH_BUS; C:\Windows\System32\drivers\btath_bus.sys [34384 2013-09-07] (Qualcomm Atheros)
R3 BTATH_HCRP; C:\Windows\System32\drivers\btath_hcrp.sys [179432 2013-09-07] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BTATH_RCP; C:\Windows\System32\drivers\btath_rcp.sys [137928 2013-09-07] (Qualcomm Atheros)
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [594120 2013-09-07] (Qualcomm Atheros)
S3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation)
R3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [53248 2014-10-29] (Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-03-09] (Microsoft Corporation)
S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [64000 2014-03-18] (Microsoft Corporation)
R3 BthPan; C:\Windows\System32\drivers\bthpan.sys [118272 2014-07-24] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [1198080 2014-10-29] (Microsoft Corporation)
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [81920 2014-10-29] (Microsoft Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [422080 2015-05-22] (EldoS Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [88576 2013-08-22] (Microsoft Corporation)
R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation)
S3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation)
R0 CLFS; C:\Windows\System32\drivers\CLFS.sys [377152 2015-03-04] (Microsoft Corporation)
R3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25472 2013-08-22] (Microsoft Corporation)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [561928 2015-03-30] (Microsoft Corporation)
R3 CnxtHdAudService; C:\Windows\system32\drivers\CHDRT64.sys [1299648 2013-07-10] (Conexant Systems Inc.)
R3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2013-08-22] (Microsoft Corporation)
R3 condrv; C:\Windows\System32\drivers\condrv.sys [43008 2013-08-22] (Microsoft Corporation)
S1 dam; C:\Windows\System32\drivers\dam.sys [58176 2014-11-04] (Microsoft Corporation)
R1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [134144 2014-08-24] (Microsoft Corporation)
R0 disk; C:\Windows\System32\drivers\disk.sys [100192 2013-08-22] (Microsoft Corporation)
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [14528 2014-10-29] (Microsoft Corporation)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [1552704 2014-10-29] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [82784 2013-08-22] (Microsoft Corporation)
S0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [114016 2013-08-22] (Microsoft Corporation)
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2013-08-22] (Microsoft Corporation)
R3 ETD; C:\Windows\system32\DRIVERS\ETD.sys [370504 2013-09-06] (ELAN Microelectronics Corp.)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2013-08-22] (Microsoft Corporation)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [217952 2013-08-22] (Microsoft Corporation)
S3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2013-08-22] (Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [79192 2014-03-18] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2013-08-22] (Microsoft Corporation)
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [25088 2013-08-22] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [354112 2014-08-26] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [61248 2014-10-15] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [30048 2013-08-22] (Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [589656 2014-08-24] (Microsoft Corporation)
S3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation)
S0 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [65888 2013-08-22] (Microsoft Corporation)
R3 GEARAspiWDM; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation)
S3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [146752 2014-08-15] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [76800 2014-07-24] (Microsoft Corporation)
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [26624 2013-08-22] (Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [97792 2015-01-30] (Microsoft Corporation)
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [41472 2013-08-22] (Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [33280 2014-08-24] (Microsoft Corporation)
S0 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] (Hewlett-Packard Company)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [991552 2015-02-24] (Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24416 2013-08-22] (Microsoft Corporation)
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation)
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation)
R3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [108544 2014-11-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S0 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412000 2013-08-22] (Intel Corporation)
S0 intelide; C:\Windows\System32\drivers\intelide.sys [18272 2013-08-22] (Microsoft Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39744 2014-10-17] (Microsoft Corporation)
S3 intelppm; C:\Windows\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [84992 2013-08-22] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [79872 2014-07-24] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [142848 2014-03-18] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2013-08-22] (Microsoft Corporation)
S0 isapnp; C:\Windows\System32\drivers\isapnp.sys [21856 2013-08-22] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [275800 2014-08-24] (Microsoft Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX64.sys [39288 2015-03-03] (GN Netcom A/S)
R3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [59712 2014-11-04] (Microsoft Corporation)
R3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [32256 2014-11-04] (Microsoft Corporation)
R3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [19456 2013-08-22] (Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100672 2014-10-29] (Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [177984 2015-01-16] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation)
R3 L1C; C:\Windows\system32\DRIVERS\L1C63x64.sys [129224 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [59392 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [109408 2013-08-22] (LSI Corporation)
S0 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [93536 2013-08-22] (LSI Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S0 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82784 2013-08-22] (LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [124416 2014-03-18] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [56672 2013-08-22] (LSI Corporation)
S0 megasr; C:\Windows\System32\drivers\megasr.sys [575840 2013-08-22] (LSI Corporation, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation)
R3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation)
R3 mouclass; C:\Windows\System32\drivers\mouclass.sys [51008 2014-11-04] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\drivers\mouhid.sys [30208 2014-11-04] (Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [102208 2014-10-07] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2014-10-29] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2014-12-19] (Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [405504 2014-10-08] (Microsoft Corporation)
R2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [283648 2014-08-24] (Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [202752 2014-09-27] (Microsoft Corporation)
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2014-10-29] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [30208 2013-08-22] (Microsoft Corporation)
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [41824 2013-08-22] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2013-08-22] (Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [9728 2013-08-22] (Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17248 2013-08-22] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [10624 2013-08-22] (Microsoft Corporation)
S3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [66560 2014-10-29] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7040 2013-08-22] (Microsoft Corporation)
S3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6784 2013-08-22] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366432 2013-08-22] (Microsoft Corporation)
R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [37728 2013-08-22] (Microsoft Corporation)
S3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [7936 2013-08-22] (Microsoft Corporation)
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [78688 2013-08-22] (Microsoft Corporation)
S0 mvumis; C:\Windows\System32\drivers\mvumis.sys [63840 2013-08-22] (Marvell Semiconductor, Inc.)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22648 2013-03-12] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [20520 2013-03-12] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [62776 2013-03-12] (Egis Technology Inc.)
R2 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [445440 2014-10-29] (Microsoft Corporation)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [1113920 2015-02-05] (Microsoft Corporation)
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2014-10-29] (Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-29] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [24576 2014-11-08] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [60416 2013-08-22] (Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation)
S3 NdisWanLegacy; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [72192 2015-01-06] (Microsoft Corporation)
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2014-10-29] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [48128 2014-10-29] (Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [282624 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87040 2014-10-29] (Microsoft Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [58880 2013-08-22] (Microsoft Corporation)
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23040 2013-08-22] (Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [39424 2014-10-29] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [2025792 2014-10-15] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2010-04-20] (NTI Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2013-08-22] (Microsoft Corporation)
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2013-08-22] (NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [168288 2013-08-22] (NVIDIA Corporation)
S0 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [124768 2013-08-22] (Microsoft Corporation)
S3 Parport; C:\Windows\System32\drivers\parport.sys [94208 2013-08-22] (Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [88896 2014-10-15] (Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [280384 2014-07-24] (Microsoft Corporation)
S0 pciide; C:\Windows\System32\drivers\pciide.sys [14688 2013-08-22] (Microsoft Corporation)
S0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [114528 2013-08-22] (Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50016 2013-08-22] (Microsoft Corporation)
R0 pdc; C:\Windows\System32\drivers\pdc.sys [86336 2014-10-17] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663040 2014-03-18] (Microsoft Corporation)
S3 Processor; C:\Windows\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2014-07-26] (Dritek System Inc.)
R1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [151040 2014-10-29] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [47104 2014-10-29] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2014-10-29] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2014-03-18] (Microsoft Corporation)
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195584 2014-03-18] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [27456 2014-10-29] (Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [249688 2014-03-18] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [921920 2014-10-15] (Microsoft Corporation)
R3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [167424 2015-01-30] (Microsoft Corporation)
R2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [80384 2013-08-22] (Microsoft Corporation)
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107872 2013-08-22] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2014-10-29] (Microsoft Corporation)
R3 sdbus; C:\Windows\System32\drivers\sdbus.sys [239424 2015-03-13] (Microsoft Corporation)
S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [79192 2014-03-18] (Microsoft Corporation)
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2013-08-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [69472 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation)
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2013-08-22] (Microsoft Corporation)
S3 Serial; C:\Windows\System32\drivers\serial.sys [83456 2013-08-22] (Microsoft Corporation)
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2014-11-04] (Microsoft Corporation)
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [17408 2013-08-22] (Microsoft Corporation)
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2013-08-22] (Silicon Integrated Systems)
R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [415040 2014-10-29] (Microsoft Corporation)
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [72032 2013-08-22] (Microsoft Corporation)
R2 srv; C:\Windows\System32\DRIVERS\srv.sys [412160 2014-07-24] (Microsoft Corporation)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [678400 2014-10-08] (Microsoft Corporation)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [246272 2014-06-27] (Microsoft Corporation)
S0 stexstor; C:\Windows\System32\drivers\stexstor.sys [31072 2013-08-22] (Promise Technology, Inc.)
R0 storahci; C:\Windows\System32\drivers\storahci.sys [107872 2013-08-22] (Microsoft Corporation)
S0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [49944 2014-10-29] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation)
S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [45888 2013-08-22] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\drivers\swenum.sys [14144 2014-10-29] (Microsoft Corporation)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2485056 2014-11-10] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\system32\DRIVERS\tcpip.sys [2485056 2014-11-10] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [49152 2014-08-24] (Microsoft Corporation)
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [107520 2013-08-22] (Microsoft Corporation)
R3 teamviewervpn; C:\Windows\system32\DRIVERS\teamviewervpn.sys [35112 2015-05-20] (TeamViewer GmbH)
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [37216 2014-03-18] (Microsoft Corporation)
S3 TPM; C:\Windows\system32\drivers\tpm.sys [159584 2013-08-22] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [29696 2014-10-29] (Microsoft Corporation)
R3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2013-08-22] (Microsoft Corporation)
S0 uagp35; C:\Windows\System32\drivers\uagp35.sys [64864 2013-08-22] (Microsoft Corporation)
S3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [74080 2013-08-22] (Microsoft Corporation)
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] (NTI Corporation)
R3 UCX01000; C:\Windows\System32\drivers\ucx01000.sys [189248 2014-10-07] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316416 2015-03-13] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S0 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [65888 2013-08-22] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\drivers\umbus.sys [46080 2013-08-22] (Microsoft Corporation)
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2013-08-22] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.)
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [121088 2014-03-18] (Microsoft Corporation)
R3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [143680 2014-07-24] (Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2014-10-29] (Microsoft Corporation)
R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [89944 2014-08-24] (Microsoft Corporation)
R3 usbfilter; C:\Windows\system32\DRIVERS\usbfilter.sys [58536 2013-03-08] (Advanced Micro Devices)
R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [419648 2014-07-24] (Microsoft Corporation)
R3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [467776 2015-03-17] (Microsoft Corporation)
R3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2013-08-22] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [148800 2014-08-31] (Microsoft Corporation)
S3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [37376 2014-08-24] (Microsoft Corporation)
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [212736 2014-06-21] (Microsoft Corporation)
R3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [325464 2015-04-16] (Microsoft Corporation)
S3 usb_rndisx; C:\Windows\system32\DRIVERS\usb8023x.sys [20992 2013-08-22] (Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [37728 2013-08-22] (Microsoft Corporation)
S3 VerifierExt; C:\Windows\System32\drivers\VerifierExt.sys [175960 2014-03-18] (Microsoft Corporation)
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [551232 2014-10-29] (Microsoft Corporation)
S0 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIA Technologies, Inc.)
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [97048 2014-10-29] (Microsoft Corporation)
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [73568 2013-08-22] (Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [377696 2013-08-22] (Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [310080 2014-06-19] (Microsoft Corporation)
S3 vpci; C:\Windows\System32\drivers\vpci.sys [69952 2014-10-07] (Microsoft Corporation)
S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIA Technologies Inc.,Ltd)
S0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305504 2013-08-22] (VIA Corporation)
R3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2013-08-22] (Microsoft Corporation)
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [71680 2014-04-30] (Microsoft Corporation)
R3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [38912 2014-04-30] (Microsoft Corporation)
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [839488 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R0 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [136512 2014-11-10] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [33600 2014-10-29] (Microsoft Corporation)
R3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [16384 2013-08-22] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-08-24] (Microsoft Corporation)
S3 wpcfltr; C:\Windows\System32\DRIVERS\wpcfltr.sys [54784 2014-10-29] (Microsoft Corporation)
S3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [26976 2013-08-22] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2013-08-22] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [113664 2014-10-29] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 11:01 - 2015-06-16 11:02 - 00088693 ____C C:\Users\Picard\Desktop\FRST.txt
2015-06-15 18:42 - 2015-06-15 18:42 - 21546080 ____C (Malwarebytes Corporation ) C:\Users\Picard\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-15 18:42 - 2015-06-15 18:42 - 02945429 ____C (Thisisu) C:\Users\Picard\Desktop\JRT.exe
2015-06-15 18:41 - 2015-06-15 18:41 - 02231296 ____C C:\Users\Picard\Desktop\AdwCleaner_4.206.exe
2015-06-15 16:51 - 2015-06-15 16:51 - 00000000 ____C C:\Users\Picard\defogger_reenable
2015-06-15 16:33 - 2015-06-15 16:33 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:33 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware
2015-06-15 16:32 - 2015-06-15 16:32 - 00001828 ____C C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-15 15:42 - 2015-06-15 21:38 - 00000231 ____C C:\WINDOWS\setupact.log
2015-06-15 15:42 - 2015-06-15 15:42 - 00000000 ____C C:\WINDOWS\setuperr.log
2015-06-15 15:41 - 2015-06-15 15:42 - 05097616 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-15 06:40 - 2015-06-15 21:54 - 00152969 ____C C:\WINDOWS\WindowsUpdate.log
2015-06-14 23:31 - 2015-06-14 23:30 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233136.backup
2015-06-14 23:30 - 2013-08-22 15:25 - 00000824 ____C C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233012.backup
2015-06-14 23:25 - 2015-06-14 23:25 - 00000000 ___DC C:\Users\Picard\Documents\ProcAlyzer Dumps
2015-06-14 22:20 - 2015-06-15 06:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-06-14 22:20 - 2015-06-14 22:25 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-14 22:20 - 2015-06-14 22:20 - 00000000 ___DC C:\WINDOWS\System32\Tasks\Safer-Networking
2015-06-14 22:20 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-06-14 22:02 - 2015-06-15 16:45 - 02109952 ____C (Farbar) C:\Users\Picard\Desktop\FRST64.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00781312 ___RC C:\Users\Picard\Desktop\delfix_1.010.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00448512 ___RC (OldTimer Tools) C:\Users\Picard\Desktop\TFC.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00050477 ___RC C:\Users\Picard\Desktop\Defogger.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 01107968 ___RC C:\Users\Picard\Desktop\RSIT.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 00380416 ___RC C:\Users\Picard\Desktop\Gmer-19357.exe
2015-06-14 22:02 - 2015-06-14 20:27 - 01137360 ___RC (F-Secure Corporation) C:\Users\Picard\Desktop\fsbl.exe
2015-06-14 22:02 - 2015-06-14 19:35 - 52822240 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\Windows-KB890830-x64-V5.25.exe
2015-06-14 22:02 - 2015-06-14 19:01 - 01988928 ___RC (Kaspersky Lab) C:\Users\Picard\Desktop\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7691.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 172834064 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\msert.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 00388608 ___RC (Trend Micro Inc.) C:\Users\Picard\Desktop\HijackThis.exe
2015-06-14 22:02 - 2015-06-14 18:57 - 22171408 ___RC (SUPERAntiSpyware) C:\Users\Picard\Desktop\SUPERAntiSpyware.exe
2015-06-14 21:24 - 2015-06-14 21:23 - 00097888 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-14 21:23 - 2015-06-14 21:23 - 00000000 ___DC C:\Program Files (x86)\Java
2015-06-14 20:46 - 2015-06-14 20:55 - 00000000 ___DC C:\Program Files (x86)\trend micro
2015-06-14 20:46 - 2015-06-14 20:46 - 00000000 ___DC C:\rsit
2015-06-14 20:03 - 2015-06-14 20:03 - 00001098 ____C C:\WINDOWS\system32\.crusader
2015-06-14 20:01 - 2015-06-14 20:01 - 00001982 ____C C:\WINDOWS\system32\start.txt
2015-06-14 15:14 - 1998-04-24 00:00 - 00368912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbar332.dll
2015-06-14 12:47 - 2015-06-14 19:56 - 00000000 __HDC C:\Drm
2015-06-10 21:52 - 2015-05-27 16:35 - 24917504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 21:52 - 2015-05-27 16:08 - 19607040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 21:52 - 2015-05-23 05:15 - 00503808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 21:52 - 2015-05-23 05:14 - 00341504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 21:52 - 2015-05-23 05:10 - 02278912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 21:52 - 2015-05-23 05:05 - 00664064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 21:52 - 2015-05-23 05:04 - 00620032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 21:52 - 2015-05-23 04:48 - 00076288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 04305920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 21:52 - 2015-05-23 04:43 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00689152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 21:52 - 2015-05-23 04:37 - 02052608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 21:52 - 2015-05-23 04:28 - 12829696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 21:52 - 2015-05-23 04:28 - 01042944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 21:52 - 2015-05-23 04:20 - 01950720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 21:52 - 2015-05-23 04:16 - 01309696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 21:52 - 2015-05-23 04:14 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 02885632 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00417792 ____C (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 21:52 - 2015-05-22 20:52 - 06026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 21:52 - 2015-05-22 20:48 - 00633856 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00814080 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 21:52 - 2015-05-22 20:24 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 21:52 - 2015-05-22 20:23 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 21:52 - 2015-05-22 20:21 - 00316928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 21:52 - 2015-05-22 20:15 - 01032704 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 21:52 - 2015-05-22 20:09 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 21:52 - 2015-05-22 20:08 - 00374272 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 21:52 - 2015-05-22 20:06 - 00801280 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 21:52 - 2015-05-22 20:05 - 02125824 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 21:52 - 2015-05-22 19:57 - 14404096 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 21:52 - 2015-05-22 19:50 - 02426880 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 21:52 - 2015-05-22 19:49 - 02865152 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 21:52 - 2015-05-22 19:38 - 01545728 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 21:52 - 2015-05-22 19:26 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 21:50 - 2015-05-21 18:47 - 04177920 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 21:50 - 2015-04-25 04:34 - 00653824 ____C (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 21:50 - 2015-04-25 04:33 - 00549888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 23:39 - 2015-06-14 14:09 - 00000000 ___DC C:\Program Files\HitmanPro
2015-06-08 23:38 - 2015-06-14 20:03 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-06-08 23:32 - 2015-06-08 23:32 - 00000207 ____C C:\WINDOWS\tweaking.com-regbackup-ENTERPRISE-Windows-8.1-(64-bit).dat
2015-06-08 23:32 - 2015-06-08 23:32 - 00000000 ___DC C:\RegBackup
2015-06-08 23:25 - 2015-06-15 19:07 - 00000000 ___DC C:\AdwCleaner
2015-06-08 23:14 - 2015-06-16 11:01 - 00000000 ___DC C:\FRST
2015-06-08 03:33 - 2015-06-08 03:33 - 00000000 ___DC C:\Program Files (x86)\WinHTTrack
2015-06-06 13:16 - 2015-06-06 13:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\UBitMenu
2015-06-06 12:15 - 2015-06-06 12:15 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\NetDrive2
2015-06-06 12:09 - 2015-06-08 22:11 - 00000000 ___DC C:\ProgramData\NetDrive2
2015-06-06 12:09 - 2015-06-06 12:09 - 00000000 ___DC C:\Program Files\NetDrive
2015-06-06 12:09 - 2015-05-22 12:17 - 00123688 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:17 - 00009000 ____C (EldoS Corporation) C:\WINDOWS\system32\elevtmsg.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00224040 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00186152 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 12:15 - 00159528 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 11:55 - 00422080 ____C (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs5.sys
2015-06-05 10:58 - 2015-06-05 10:58 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\iterate_GmbH
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\wc
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\AppData\Roaming\wyUpdate AU
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Cyberduck
2015-06-05 09:27 - 2015-06-14 21:46 - 00000000 ___DC C:\Users\Picard\Documents\Outlook-Dateien
2015-06-05 08:59 - 2015-06-05 08:59 - 00001255 ____C C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-06-04 08:20 - 2015-05-25 15:23 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-04 08:20 - 2015-05-25 15:07 - 01430528 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-04 08:20 - 2015-05-22 15:08 - 00700416 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01119232 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01020928 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00756736 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00422912 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-04 08:20 - 2015-05-16 00:01 - 00133288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-04 08:20 - 2015-05-15 23:05 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-06-04 08:20 - 2015-05-15 22:47 - 00355328 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-06-04 08:20 - 2015-05-15 22:23 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-06-04 08:20 - 2015-05-15 21:42 - 03682304 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-04 08:20 - 2015-05-15 21:32 - 00035840 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:31 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 02223104 ____C (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00408064 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-06-04 08:20 - 2015-05-15 21:27 - 00891904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00124928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:19 - 00721920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:19 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-06-04 08:20 - 2015-04-17 00:07 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-04 00:10 - 2015-06-04 08:37 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-06-02 10:29 - 2015-06-02 10:29 - 00000000 ___DC C:\Users\Picard\AppData\Local\GWX
2015-05-27 10:38 - 2015-06-05 11:31 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Zoiper
2015-05-27 10:33 - 2015-05-27 10:33 - 00000000 ___DC C:\Program Files (x86)\Zoiper
2015-05-27 10:18 - 2015-05-27 10:18 - 00000000 ___DC C:\Users\Picard\AppData\Local\GN_Netcom_A_S
2015-05-27 10:15 - 2015-05-27 10:15 - 00000000 ___DC C:\ProgramData\Jabra
2015-05-27 10:05 - 2015-05-27 10:05 - 00000094 ____C C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-27 10:05 - 2015-05-27 10:05 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Jabra
2015-05-27 10:03 - 2015-06-06 12:11 - 00000000 ___DC C:\ProgramData\Package Cache
2015-05-27 10:03 - 2015-05-27 10:03 - 00000000 ___DC C:\Program Files (x86)\Jabra
2015-05-27 09:58 - 2015-06-06 12:04 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\ProgramData\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-PIA
2015-05-27 09:56 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-Software
2015-05-27 09:56 - 2015-05-27 09:57 - 00000000 ___DC C:\Users\Picard\AppData\Local\Downloaded Installations
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\WINDOWS\PCHEALTH
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Synchronization Services
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Sync Framework
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-27 09:43 - 2014-08-14 14:12 - 00517632 ____C (www.ipcom.at) C:\WINDOWS\system32\siptapi.tsp
2015-05-27 09:42 - 2015-05-27 09:42 - 00000000 ___DC C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files\Microsoft Office
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files (x86)\Microsoft Analysis Services
2015-05-27 09:39 - 2015-05-27 09:43 - 00000000 ___DC C:\MS Office
2015-05-27 09:39 - 2015-05-27 09:39 - 00000000 _RHDC C:\MSOCache
2015-05-27 08:51 - 2015-05-27 09:03 - 00000000 ___DC C:\Program Files (x86)\Google
2015-05-27 08:51 - 2015-05-27 09:02 - 00000000 ___DC C:\Users\Picard\AppData\Local\Google
2015-05-26 22:07 - 2015-06-05 09:27 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\TeamViewer
2015-05-26 22:07 - 2015-05-20 19:15 - 00035112 ____C (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2015-05-26 22:06 - 2015-06-09 10:39 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2015-05-26 20:43 - 2015-04-09 00:41 - 00158720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-05-26 20:43 - 2015-04-09 00:07 - 00410336 ____C C:\WINDOWS\system32\ApnDatabase.xml
2015-05-26 20:43 - 2015-04-02 00:42 - 03097600 ____C (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-26 20:43 - 2015-04-02 00:30 - 02483712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-05-26 20:43 - 2015-03-20 05:49 - 00309760 ____C (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-05-26 20:43 - 2015-03-20 05:08 - 00477184 ____C (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:37 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:07 - 01091072 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-26 20:43 - 2015-03-02 03:43 - 00222208 ____C (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-05-26 20:43 - 2015-03-02 03:21 - 00207872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-05-26 20:42 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-05-26 20:42 - 2015-04-14 00:37 - 00275968 ____C (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-05-26 20:42 - 2015-04-14 00:34 - 00180224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-05-26 20:42 - 2015-04-10 02:40 - 01249280 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-10 02:17 - 01018880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-01 06:21 - 00337408 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 06:18 - 00468480 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-05-26 20:42 - 2015-04-01 06:17 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-05-26 20:42 - 2015-04-01 06:08 - 00774144 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-05-26 20:42 - 2015-04-01 05:46 - 03633664 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 02551808 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 00903168 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-05-26 20:42 - 2015-04-01 04:53 - 00391680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-05-26 20:42 - 2015-04-01 04:53 - 00272896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 04:45 - 02749952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-05-26 20:42 - 2015-04-01 04:45 - 00699392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-05-26 20:42 - 2015-04-01 04:14 - 01920000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-05-26 20:42 - 2015-04-01 04:12 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 11:00 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\sru
2015-06-16 10:36 - 2015-05-01 20:54 - 00000884 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-16 07:47 - 2014-08-24 12:14 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5DF3FC2E-3DF6-4C72-8F97-0A77B81A3A5B}
2015-06-15 21:40 - 2015-03-28 21:50 - 00000000 ___DC C:\Users\Picard\AppData\Local\Deployment
2015-06-15 21:40 - 2014-07-26 22:20 - 00000000 ___DC C:\Users\Picard\Documents\Bluetooth Folder
2015-06-15 21:38 - 2013-08-22 16:45 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-06-15 19:46 - 2014-07-26 21:55 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-06-15 19:28 - 2015-03-31 17:11 - 00136408 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 19:12 - 2014-08-24 13:09 - 02594042 ____C C:\Users\Public\CAFADEBUG.log
2015-06-15 19:05 - 2014-09-08 12:18 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\ClassicShell
2015-06-15 16:51 - 2014-08-24 11:19 - 00000000 ___DC C:\Users\Picard
2015-06-15 08:04 - 2015-03-31 17:42 - 00000000 ___DC C:\Program Files\Blue Coat K9 Web Protection
2015-06-15 07:57 - 2012-07-26 09:59 - 00000000 ___DC C:\WINDOWS\CbsTemp
2015-06-15 06:37 - 2014-08-24 13:13 - 00000000 ___DC C:\Users\Picard\AppData\Local\CrashDumps
2015-06-15 06:26 - 2015-03-29 10:52 - 00000000 __HDC C:\Shared
2015-06-14 22:22 - 2015-03-31 17:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit
2015-06-14 22:21 - 2015-03-29 20:39 - 00000000 __RDC C:\Quick Launch
2015-06-14 21:24 - 2015-04-03 18:59 - 00000000 ___DC C:\ProgramData\Oracle
2015-06-14 17:52 - 2015-03-29 07:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-06-14 16:53 - 2015-03-31 16:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Free Download Manager
2015-06-14 16:50 - 2015-04-01 17:37 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieBrowserModeList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieUserList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieSiteList
2015-06-14 16:27 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 16:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\AppReadiness
2015-06-14 15:12 - 2015-03-31 17:13 - 00000000 ___DC C:\Users\Picard\Documents\Calibre-Bibliothek
2015-06-14 14:26 - 2014-03-18 12:03 - 01776918 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-14 14:26 - 2014-03-18 11:25 - 00765582 ____C C:\WINDOWS\system32\perfh007.dat
2015-06-14 14:26 - 2014-03-18 11:25 - 00159366 ____C C:\WINDOWS\system32\perfc007.dat
2015-06-11 11:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 09:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\PolicyDefinitions
2015-06-10 22:26 - 2015-03-29 11:38 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-06-10 22:22 - 2014-08-22 17:42 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-06-10 22:15 - 2014-08-22 17:42 - 140135120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 22:12 - 2012-07-26 07:26 - 00000199 ____C C:\WINDOWS\win.ini
2015-06-09 21:28 - 2015-03-29 11:38 - 00000000 ___DC C:\Users\Picard\AppData\Local\Microsoft Help
2015-06-09 14:47 - 2014-03-18 11:40 - 00000000 ___DC C:\Program Files\Windows Journal
2015-06-08 22:59 - 2015-03-31 17:09 - 00000000 ___DC C:\Program Files\CCleaner
2015-06-08 22:59 - 2015-03-29 07:47 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-06 12:15 - 2014-07-26 21:48 - 00000000 ___DC C:\Users\Picard\AppData\Local\VirtualStore
2015-06-05 12:10 - 2015-03-28 17:38 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-06-05 11:16 - 2015-03-29 07:54 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-05 09:59 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\NDF
2015-06-05 08:52 - 2015-04-09 02:45 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\vlc
2015-06-04 08:37 - 2014-09-08 09:00 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 08:35 - 2015-04-08 12:32 - 00000000 ___DC C:\WINDOWS\system32\appraiser
2015-06-04 08:35 - 2015-03-28 19:42 - 00000000 __SDC C:\WINDOWS\system32\CompatTel
2015-06-03 18:18 - 2015-03-28 19:58 - 00792568 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-03-28 19:58 - 00178168 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 13:12 - 2014-09-08 10:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2015-05-27 09:41 - 2013-08-22 17:36 - 00000000 ___DC C:\Program Files\Common Files\microsoft shared
2015-05-27 09:40 - 2014-03-18 11:40 - 00000000 ___DC C:\WINDOWS\ShellNew
2015-05-27 09:06 - 2015-03-31 12:12 - 00000000 ___DC C:\Program Files (x86)\WinZip
2015-05-27 04:26 - 2015-03-31 17:10 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-26 20:51 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-05-26 20:21 - 2015-03-29 20:54 - 00000000 ___DC C:\Users\Picard\AppData\Local\clear.fi
2015-05-26 20:21 - 2013-03-12 18:59 - 00000000 ___DC C:\Program Files (x86)\Acer
2015-05-26 20:11 - 2014-08-24 11:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2015-05-22 05:54 - 2015-03-28 21:11 - 00003108 ____C C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-05-22 05:54 - 2015-03-28 21:11 - 00000000 __RDC C:\Users\Picard\OneDrive
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\SysWOW64\GWX
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\system32\GWX
2015-05-18 07:15 - 2015-05-01 20:54 - 00003772 ____C C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-18 07:15 - 2015-03-28 20:37 - 00000000 ___DC C:\Users\Picard\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-07-26 20:45 - 2014-07-26 20:45 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl
2015-05-27 10:05 - 2015-05-27 10:05 - 0000094 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\clauth1.dll
C:\Windows\SysWOW64\clauth2.dll
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-15 21:57

==================== End of log ============================
         

16.06.2015, 10:11   #11
Picard
 



Additional FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Picard at 2015-06-16 11:03:07
Running from C:\Users\Picard\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305788995-4209846984-3758418705-500 - Administrator - Disabled)
Picard (S-1-5-21-2305788995-4209846984-3758418705-1001 - Administrator - Enabled) => C:\Users\Picard
Gast (S-1-5-21-2305788995-4209846984-3758418705-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.42.43579 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.42.43579 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1B906F85-EA56-5379-F10B-1BA6530240DC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.5 - Atheros Communications Inc.)
Avaya IP Integration (x32 Version: 1.0.9987.0 - GN Netcom A/S) Hidden
Avaya one-X Integration (x32 Version: 1.0.10041.0 - GN Netcom A/S) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Basic Support (x32 Version: 1.0.9944.0 - GN Netcom A/S) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BIZ 2300 Family (x32 Version: 1.0.9881.0 - GN Netcom A/S) Hidden
BIZ 2400 II (x32 Version: 1.0.9855.0 - GN Netcom A/S) Hidden
BIZ2400_II_CCSetup (x32 Version: 1.0.9722.0 - GN Netcom A/S) Hidden
BIZ2400_LINK280 (x32 Version: 1.0.9672.0 - GN Netcom A/S) Hidden
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadsoft Integration (x32 Version: 1.0.9989.0 - GN Netcom A/S) Hidden
calibre 64bit (HKLM\...\{39CE621D-C455-4054-8824-712AAAE0C60C}) (Version: 2.22.0 - Kovid Goyal)
CallManager (x32 Version: 1.0.9717.0 - GN) Hidden
CAS Info@Click (HKLM-x32\...\InfoClick) (Version: 3.0 - CAS Software AG)
CAS PIA Add-Ins (HKLM-x32\...\{370D68EE-D2B7-42D8-A368-A85A300CDF25}) (Version: 5.0 - CAS Software AG)
CAS Smart Add-on (HKLM-x32\...\{BE3AAA51-EAF6-4BD7-B458-9A3D7306075C}) (Version: 1.0.2 - CAS Software AG)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco IP Communicator Integration (x32 Version: 1.0.9990.0 - GN Netcom A/S) Hidden
Cisco Jabber Integration (x32 Version: 1.0.10028.0 - GN Netcom A/S) Hidden
Cisco UC Integration (x32 Version: 1.0.9992.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9993.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9994.0 - GN Netcom A/S) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.4.51 - Conexant)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
DFUDriverSetupX64Setup (x32 Version: 1.0.10046.0 - GN Netcom A/S) Hidden
DIAL 550 (x32 Version: 1.0.9655.0 - GN Netcom A/S) Hidden
Djvu2Pdf (HKLM\...\Djvu2Pdf) (Version:  - )
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
EVOLVE20_LINKSetup (x32 Version: 1.0.9882.0 - GN Netcom A/S) Hidden
EVOLVE65Setup (x32 Version: 1.0.9673.0 - GN Netcom A/S) Hidden
f.lux (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Flux) (Version:  - )
FirmwareUpdater (x32 Version: 1.0.10046.0 - GN) Hidden
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeFileSync 6.5 (HKLM-x32\...\FreeFileSync) (Version: 6.5 - Zenju)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GN2000 Family (x32 Version: 1.0.9657.0 - GN Netcom A/S) Hidden
GO 6470 (x32 Version: 1.0.9674.0 - GN Netcom A/S) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HANDSET450Setup (x32 Version: 1.0.9659.0 - GN Netcom A/S) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
IBM Sametime Integration (x32 Version: 1.0.10059.0 - GN Netcom A/S) Hidden
IBM SPSS Amos 20 (HKLM-x32\...\{58C50F5A-B7E2-4149-8911-B14CEC825F57}) (Version: 20.0.0 - IBM Corp)
IBM SPSS Statistics 21 (HKLM-x32\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jabra Direct (HKLM-x32\...\{027afb1d-95e4-46ac-94ae-c126fd8c613c}) (Version: 3.0.10078.0 - GN Netcom A/S)
JabraDirect (x32 Version: 3.0.10078.0 - GN Netcom A/S) Hidden
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
JpcsSdkDeviceService (x32 Version: 1.0.9811.0 - GN Netcom A/S) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LINK 265 (x32 Version: 1.0.9879.0 - GN Netcom A/S) Hidden
LINK 30/32/33/41 Setup (x32 Version: 1.0.9732.0 - GN Netcom A/S) Hidden
LINK 360 (x32 Version: 1.0.9948.0 - GN Netcom A/S) Hidden
LINK180aSetup (x32 Version: 1.0.9660.0 - GN Netcom A/S) Hidden
LINK220_220ASetup (x32 Version: 1.0.9675.0 - GN Netcom A/S) Hidden
LINK230_260Setup (x32 Version: 1.0.9880.0 - GN Netcom A/S) Hidden
LINK350Setup (x32 Version: 1.0.9676.0 - GN Netcom A/S) Hidden
LINK850Setup (x32 Version: 1.0.9666.0 - GN Netcom A/S) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Lync Integration (x32 Version: 1.0.9995.0 - GN Netcom A/S) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Maintenance (x32 Version: 10.0.0.0 - GN Netcom A/S) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Motion (x32 Version: 1.0.9681.0 - GN Netcom A/S) Hidden
MOTIONOFFICE (x32 Version: 1.0.9677.0 - GN Netcom A/S) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NEC SP 350 Integration (x32 Version: 1.0.9996.0 - GN Netcom A/S) Hidden
NetDrive2 (HKLM-x32\...\NetDrive2) (Version: 2.5.0.0 - Bdrive Inc.)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Ihr Firmenname)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Opera Mail 1.0 (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version: 15.1s - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PRO 920 and 930 (x32 Version: 1.0.9734.0 - GN Netcom A/S) Hidden
PRO 94X0 Family (x32 Version: 1.0.9668.0 - GN Netcom A/S) Hidden
PRO925_935Setup (x32 Version: 1.0.9678.0 - GN Netcom A/S) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SDK Integration (x32 Version: 1.0.8564.0 - GN Netcom A/S) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shoretel Integration (x32 Version: 1.0.10047.0 - GN Netcom A/S) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Integration (x32 Version: 1.0.9999.0 - GN Netcom A/S) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPEAK 510 Family (x32 Version: 1.0.9679.0 - GN Netcom A/S) Hidden
SPEAK410Setup (x32 Version: 1.0.9636.0 - GN Netcom A/S) Hidden
SPEAK450Setup (x32 Version: 1.0.9637.0 - GN Netcom A/S) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STEALTH Setup (x32 Version: 1.0.9952.0 - GN Netcom A/S) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Supreme (x32 Version: 1.0.9680.0 - GN Netcom A/S) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
UC VOICE A Family (x32 Version: 1.0.9669.0 - GN Netcom A/S) Hidden
UC Voice Family (x32 Version: 1.0.9670.0 - GN Netcom A/S) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Winamp (nur entfernen) (HKLM-x32\...\Winamp) (Version:  - )
WinHTTrack Website Copier 3.48-21 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinWget version 0.20 beta (HKLM-x32\...\WinWget_is1) (Version: 0.20 - WinWget Team)
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.60 - Securax LTD)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Picard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

14-06-2015 20:02:28 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-06-14 23:31 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13C16FCC-A0F9-4D65-A4BE-70FAFDE7C858} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {2114BBA4-AD52-43D3-9AC2-C5978DA9C9F9} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {2C1E71A3-6AB7-4BB8-8E48-DCA2ECCAD2F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {39BDC01F-CE0B-41BD-85CF-3615A3706EBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {4700B987-B11B-4187-9952-32E5A7056B14} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {505CECC1-2552-4B51-A700-3BE700605641} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {515503D6-640E-47F9-8A3A-0E7E7CE2C6EF} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {557E66B3-3894-407D-BBB1-5041E3616645} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {5988A580-7FE2-4C4C-910C-DB38D88536C8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {635F0967-47B2-4EC0-8ABE-787122F9BFEB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {6445E2BB-DCC0-4518-83D9-4CE6FE74F1AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {705B2E7C-D160-4558-9510-61355B01FFF1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7C185FF4-1011-4AC2-84C3-62A1DE87BE8D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {8C87D317-26B4-4675-A93B-ECF9F179F30A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9B21F4D0-BF6C-4FBD-988E-F961C71B255C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {A9D50077-EC97-450F-B62B-153EE4528F04} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AD6F4FB2-9B72-47EF-8C55-846A824909D7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {D49D2B68-5781-41E4-B6BB-E4E0513B49C4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {E2DDB078-9CF7-4079-83E4-EB8E57F9E819} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {E9491759-7664-4A24-A3A6-0B4446B8F165} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {ED63E010-0997-4013-8116-2D1226804981} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-31 15:18 - 2014-03-05 11:18 - 00040448 ____C () C:\WINDOWS\System32\pdf995mon64.dll
2015-03-31 15:01 - 2012-06-21 07:25 - 00113152 ____C () C:\WINDOWS\System32\redmon64.dll
2015-05-26 22:12 - 2015-05-20 19:15 - 00020240 ____C () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-29 11:26 - 2008-06-20 00:41 - 00062464 ____C () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-11 18:36 - 2013-01-28 04:49 - 00239184 ____C () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-06-05 02:02 - 2015-06-05 02:02 - 00638008 ____C () C:\Program Files\NetDrive\nd2svc.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2015-06-05 02:03 - 2015-06-05 02:03 - 01103360 ____C () C:\Program Files\NetDrive\libxml2.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00120320 ____C () C:\Program Files\NetDrive\jansson.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00068096 ____C () C:\Program Files\NetDrive\zlib.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00207360 ____C () C:\Program Files\NetDrive\libevent.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2015-06-14 22:20 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-14 22:20 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-14 22:20 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Control Panel\Desktop\\Wallpaper -> C:\Shared\Anwendungen\Wallpapers\Kleines_Schiff.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Jabra Direct"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{11329D15-BCA5-4C91-AA6D-0A6FB8085916}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{6455D0A8-DC99-4775-BC4E-EA699611F8F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{DC869994-02D5-49B5-9A26-46E7D5F713D5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{01AD020D-3E4E-4A14-9154-E990358F8130}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{2D7C30A0-A7A5-408F-B7F4-8DBA9C2709A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D833FC70-D583-4138-AECF-1EE924098ED3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CFBC7B5D-DAEC-448E-8A63-6541C67C6811}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{B0DB795B-2846-48AA-BACF-BCADDB1DF052}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{A6A64E2B-3E6E-450A-9F69-168559B97464}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BD85B436-C120-42E1-8A68-E34BF682CAAA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0D740EA6-013F-430B-A2A6-29A9E0B3F9E4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{A0F69C6F-08B3-4CF7-AC10-A430CF10A528}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C8F31CA8-9EE8-4491-9747-47A512ABA240}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2907AD28-9C38-4014-B1E4-79A93A36C61F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{CF95C412-5B20-42EA-B1DE-80BC27773112}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0B78C0A5-C366-4523-B856-376030B03B57}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{CDFF2BA1-22E6-4A2F-8EB8-4BB8CB7F9644}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{F826BDB2-4D85-4ED4-A7A4-FA1367019B31}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{1CED0610-C6AB-4CF2-A8DB-6EF66FC54C4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC8B11B0-E2B0-4884-BDD8-A945982E448A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{21D8CCDB-0FDE-4FE1-A831-57CEB179F051}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{13FBB834-E7C7-4C9B-B8B0-B0497590723F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3C1062C6-FF05-4E71-9ADC-3CE378AD770B}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{1F888926-BC8D-4301-BDE6-FEA7B42A5B18}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{DE1F7C9E-24D5-4D3F-85F9-2B9C19AE6C34}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{C1A64706-146E-47CB-84D1-B3BEA1F81AD4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{10CF9880-1926-4AD2-9F0B-42D3CF0D14E0}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{E2AE439A-AF74-467D-A940-DBC780D290E6}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [TCP Query User{37D73434-1781-4B67-A5A5-7ED74C3D7BF3}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [UDP Query User{77A5B468-1A08-4D04-96D5-C15A70FE458C}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [{B158B0F9-359E-49B9-8CAB-281D2AA49E28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E44FD9F2-B490-42B5-997C-90778B894DD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C6AC574-51F9-4BEA-802C-3D563D50A8DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9019FD-7EAD-4204-8D42-C2104BA2BEB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5934C2AE-9EFF-4B37-9E18-C1DE43AE87D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DC1BAA46-7404-4877-9602-7BCCE972C354}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{FDBF3235-E287-40AF-A46A-EEE729D4D738}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{EC6580CF-4356-44AF-8F44-E8CFAFB3F7BF}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{D7B99E07-E678-4ACD-A080-0D2CBE89683E}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{E2C371F6-0FE7-4B1B-A7E7-D7A48C9EF4DC}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{4465FEFE-0503-4212-9672-9F564C5188E2}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{8B28194E-4709-45FE-A3AB-80EA49D57FE0}] => (Allow) C:\MS Office\Office14\outlook.exe
FirewallRules: [TCP Query User{8D375253-646C-4486-903C-CC9F5361E68A}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [UDP Query User{C85F612E-22DF-4FA3-9E05-C4299CC22921}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{8A082332-C8FA-4FC8-B825-6BC7013FD5C7}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{BF6A31F7-B68F-4830-81A9-336987E04A6E}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{410E2ABD-9645-44D4-9C53-43C14CCAE903}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3B5EFD74-7430-4846-82E3-28A939FDD673}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3AF02505-3738-4702-9847-05695B07887B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F7B07F1C-DC42-4A32-AC51-6A98FF555189}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E43923AD-A2E2-457B-B0F1-FDD7F611164D}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CD6C1497-2AB0-4311-8B6E-C173BB9C450E}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CAE65509-114C-4555-AE68-105AF8502B56}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{A1043754-F8E0-46B9-B0BD-9BB629B5ABBA}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{0678C01B-8267-4BCE-A1ED-B18F48848C0B}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
FirewallRules: [{633B4B81-62AF-432E-8A43-4C69A470AB4D}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 09:39:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 06:50:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/16/2015 07:39:16 AM) (Source: DCOM) (EventID: 10010) (User: ENTERPRISE)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/16/2015 07:38:46 AM) (Source: DCOM) (EventID: 10010) (User: ENTERPRISE)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/16/2015 07:21:28 AM) (Source: DCOM) (EventID: 10010) (User: ENTERPRISE)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/16/2015 07:20:57 AM) (Source: DCOM) (EventID: 10010) (User: ENTERPRISE)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/16/2015 05:57:06 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HAL9000K",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{3C85B47E-2E8A-445C-909E-9DC5C2DB2090}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/15/2015 09:38:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/15/2015 09:38:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD FUEL Service erreicht.

Error: (06/15/2015 07:12:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Blue Coat K9 Web Protection" wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 07:12:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2015 07:12:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (06/15/2015 09:39:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

Error: (06/15/2015 06:50:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-16 10:05:59.013
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 10:05:44.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 10:04:58.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 10:04:01.214
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 10:04:00.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 08:27:13.721
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 08:27:13.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 08:27:13.018
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 08:27:12.659
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-16 08:27:12.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 31%
Total physical RAM: 5578.27 MB
Available physical RAM: 3815.98 MB
Total Pagefile: 6474.27 MB
Available Pagefile: 4263.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (ENTERPRISE) (Fixed) (Total:681.89 GB) (Free:264.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CC577C9F)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- ---

16.06.2015, 11:28   #12
Warlord711
/// TB Trainer

Follow Microsoft's instructions for a clean boot.

While doing so, switch off absolutely all non-MS services and autostart entries.

If Firefox does not appear with that, re-enable the services and then the autostart entries one by one until the culprit is found.

https://support.microsoft.com/de-de/kb/929135
__________________
Learn to strike back and support us!
TB Akademie | Donate | Praise & Criticism
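
An added example, not part of the post above and not a Microsoft or Trojaner-Board tool: a read-only PowerShell inventory of the logon start points that a clean boot switches off, so that each one can be checked for a command line that starts a browser or carries a URL. It assumes PowerShell 4.0 on Windows 8.1 in an elevated prompt; `$pattern`, `Add-Entry` and the column names are choices made for this example, and "service outside %windir%" is only an approximation of "non-MS service".

```powershell
# Added example: list what runs at boot/logon and flag browser- or URL-bearing commands.
# Read-only: nothing is disabled, changed or deleted.
$pattern = 'firefox|https?://'   # assumption: strings worth flagging for this symptom
$found   = New-Object System.Collections.Generic.List[object]

function Add-Entry([string]$Source, [string]$Name, [string]$Command) {
    $found.Add([pscustomobject]@{
        Flag    = $(if ($Command -match $pattern) { '!!' } else { '' })
        Source  = $Source
        Name    = $Name
        Command = $Command
    })
}

# 1. Run/RunOnce keys: machine-wide (64-bit and 32-bit view) and current user
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($valueName in $regKey.GetValueNames()) {
        Add-Entry $key $valueName ([string]$regKey.GetValue($valueName))
    }
}

# 2. Startup folders: resolve .lnk targets and read the URL out of .url shortcuts
$wsh = New-Object -ComObject WScript.Shell
foreach ($special in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($special)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
        switch ($file.Extension.ToLower()) {
            '.lnk' {
                $lnk = $wsh.CreateShortcut($file.FullName)
                $cmd = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            '.url' {
                $m = Select-String -LiteralPath $file.FullName -Pattern '^URL=(.+)$' |
                     Select-Object -First 1
                $cmd = if ($m) { $m.Matches[0].Groups[1].Value } else { $file.FullName }
            }
            default { $cmd = $file.FullName }
        }
        Add-Entry $dir $file.Name $cmd
    }
}

# 3. Enabled scheduled tasks that fire at boot or logon (exec actions only)
foreach ($task in Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' }) {
    $atStart = @($task.Triggers |
                 Where-Object { $_.CimClass.CimClassName -match 'Logon|Boot' })
    if ($atStart.Count -eq 0) { continue }
    foreach ($action in $task.Actions) {
        if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }
        $cmd = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
        Add-Entry ('Task ' + $task.TaskPath) $task.TaskName $cmd
    }
}

# 4. Auto-start services whose binary lives outside %windir%
#    (approximation of "non-MS service"; msconfig's own filter is not reproduced here)
foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
    if ($svc.PathName -like "$env:windir\*" -or
        $svc.PathName -like "`"$env:windir\*") { continue }
    Add-Entry 'Service (auto-start)' $svc.Name $svc.PathName
}

# Flagged rows first, then everything else grouped by where it was found
$found |
    Sort-Object @{ Expression = 'Flag'; Descending = $true }, Source, Name |
    Format-Table Flag, Source, Name, Command -AutoSize -Wrap
```

An empty flag column does not clear an entry: a helper program can open the default browser without naming it, so unflagged vendor entries still need the one-by-one re-enable test described in the post.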

16.06.2015, 14:09   #13
Picard

So, I did the following several times with various combinations of services and files (as many as possible):

1. Enabled the admin account in the console ("net user administrator /active:yes")
2. Disabled all services via msconfig
3. Disabled some autostart items that seemed unfamiliar to me (in Task Manager)
4. Restart

FF opened every time.

At every start the error presents itself in pretty much exactly this chronological order, and I have come to believe that this is quite clearly a Trojan problem:

1. Boot process
2. The Windows login screen appears; at the bottom left I can see that there is an Internet connection; I enter the password
3. The desktop appears, FF opens and K9 Web Protection reports that it could not establish a connection; the go.microsoft... URL is displayed (see above); in the tray icons I see that the Internet connection is suddenly limited, and it stays that way for about 30 sec or 1 min; suddenly it is back to normal, and I can start FF again with the normal Google start page

It seems to me as if a program in the background is a) blocking the startup process, e.g. also other antivirus programs at Windows start, and b) occupying or blocking the Internet connection for about half a minute; perhaps stored data is being transmitted during that time??

In any case, this happens in exactly this order at every start and was not like this before.
I find this unsettling.

What else can I do? Or do I have to set everything up from scratch??

/EDIT:

I had a look through the Windows Defender history:

In the last few days Windows Defender reported the following malware and quarantined it:

Monitoring Tool:Win32/Actmon
Warnstufe: schwerwiegend
Kategorie: Überwachungssoftware
Beschreibung: Dieses Programm überwacht Benutzerinformationen.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\Windows\SysWOW64\ssys.exe
file:C:\Users\Picard\AppData\Local\Temp\WZSE0.TMP\ssys.exe
file:C:\Users\Picard\AppData\Local\Temp\WZSE0.TMP\ssys.exe

Maybe that helps us?
Maybe I should release the quarantine and use your tools to track down the pest?

For now I will not do anything further and will wait to see what you recommend.

17.06.2015, 07:43   #14
Warlord711
/// TB Trainer

OK, then let's see whether we can find anything else.

You disabled ALL non-MS services but only some autostarts?
Why not everything first?

As I said, I suspect that it is an Acer service/program that opens FF, with a harmless OEM URL.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

17.06.2015, 07:46   #15
Picard

Hi Timo, thanks for your help so far. Can we pause this for now, because I will be away on business for a few days and cannot deal with the problem. I will write again at the beginning/middle of next week, then the thread will come back to the top. Is that OK for you?? I will then implement your suggestions. Thanks. Have a good time! See you next week.
