
Pests of all kinds and how to combat them: pum.bad.proxy keeps coming back

11.07.2015, 12:22   #1
snuggel123
 
pum.bad.proxy keeps coming back



Hey, this thing is annoying :-)

Hope someone can help.
The requested logs:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by webst (administrator) on RECHTS-PC on 11-07-2015 00:09:24
Running from C:\Users\webst\Desktop
Loaded Profiles: webst (Available Profiles: webst & Joerg)
Platform: Windows 8.1 Pro (X64) OS Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\AAVUpdateManager\aavus.exe
(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\EASEUS\Todo Backup\bin\TodoBackupService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Deutsche Telekom AG) C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTERBILD-Abzockschutz\Bin\COMPUTERBILD-Abzockschutz.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-28] (Alcor Micro Corp.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-06] (Bitdefender)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [COMPUTERBILD-Abzockschutz] => C:\Program Files (x86)\COMPUTERBILD-Abzockschutz\bin\COMPUTERBILD-Abzockschutz.exe [537664 2014-04-15] (J3S GmbH)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [100864 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [8088488 2014-05-14] (SlySoft, Inc.)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleRadar] => C:\Program Files (x86)\GoogleClean\GoogleRadar.exe [1540096 2014-06-17] ()
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-25] (Bitdefender)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [70144 2014-02-25] (Steganos Software GmbH)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleChromeAutoLaunch_1F44CB0EF79C5A00329816E6692A365E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {5585cfe9-9a0e-11e3-811a-002522baf411} - "K:\setup.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {9bf800cc-4643-11e3-807a-806e6f6e6963} - "F:\zdata\cobi.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {b3611562-311c-11e4-823d-002522baf411} - "D:\zdata\cobi.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2014-11-30]
ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
Startup: C:\Users\webst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2013-12-21] ()
Startup: C:\Users\webst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2013-10-30]
ShortcutTarget: Mediencenter.lnk -> C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50131;https=127.0.0.1:50131
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> D3DFC7F3C04E40DBA16BBBB3D4EE9F74 URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-20] (IvoSoft)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
BHO-x32: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: 127.0.0.1	localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{AD9A15D4-3B70-42BD-9897-2085400DBD1B}: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\webst\AppData\Roaming\Mozilla\Firefox\Profiles\uwdjitzd.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-08] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-22]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-01-21]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR Profile: C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Adblock Plus) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-13]
CHR Extension: (Google Search) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Bitdefender Wallet) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-23]
CHR Extension: (AdBlock) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Top Eleven) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
CHR Extension: (Gmail) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]
CHR HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2281248 2014-10-07] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MediaCenterControl; C:\Program Files (x86)\Media Center Control\MCC Service.exe [337408 2014-01-07] (Markus Gehlhaar) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-20] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10240 2014-10-29] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S4 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-06] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-25] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-25] (BitDefender)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-25] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-16] (BlueStack Systems)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-01-31] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-20] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2014-09-05] (G Data Software AG)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-06] (BitDefender LLC)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [43832 2012-10-03] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-20] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R1 SLEE_18_DRIVER; C:\WINDOWS\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-31] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]
U3 idsvc; No ImagePath
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 00:09 - 2015-07-11 00:10 - 00036226 _____ C:\Users\webst\Desktop\FRST.txt
2015-07-11 00:09 - 2015-07-11 00:09 - 00000000 ____D C:\FRST
2015-07-11 00:07 - 2015-07-11 00:07 - 02112512 _____ (Farbar) C:\Users\webst\Downloads\FRST64.exe
2015-07-11 00:07 - 2015-07-11 00:07 - 02112512 _____ (Farbar) C:\Users\webst\Desktop\FRST64.exe
2015-07-10 23:54 - 2015-07-10 23:54 - 00000662 _____ C:\Users\webst\Desktop\defogger_disable.log
2015-07-10 23:54 - 2015-07-10 23:54 - 00000198 _____ C:\Users\webst\defogger_reenable
2015-07-10 23:53 - 2015-07-10 23:52 - 00050477 _____ C:\Users\webst\Desktop\Defogger.exe
2015-07-10 23:52 - 2015-07-10 23:52 - 00050477 _____ C:\Users\webst\Downloads\Defogger.exe
2015-07-09 23:32 - 2015-07-09 23:32 - 00001064 _____ C:\Users\webst\Desktop\JRT.txt
2015-07-09 22:07 - 2015-07-09 22:07 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-09 22:07 - 2015-07-09 22:07 - 00000880 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-07-09 22:07 - 2015-07-09 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-07-09 22:07 - 2015-07-09 22:07 - 00000000 ____D C:\Program Files\RogueKiller
2015-07-09 22:06 - 2015-07-09 22:07 - 22640336 _____ (Adlice Software ) C:\Users\webst\Downloads\setup.exe
2015-07-09 20:29 - 2015-07-09 20:29 - 02248704 _____ C:\Users\webst\Desktop\adwcleaner_4.208.exe
2015-07-09 19:46 - 2015-07-09 19:46 - 00000000 ____D C:\Users\webst\Downloads\backups
2015-07-09 19:43 - 2015-07-09 19:43 - 00016285 _____ C:\Users\webst\Downloads\hijackthis.log
2015-07-09 19:40 - 2015-07-09 19:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\webst\Downloads\hijackthis.exe
2015-07-08 23:33 - 2015-07-08 23:33 - 00000000 ____D C:\Users\webst\AppData\Local\CrashDumps
2015-07-08 23:30 - 2015-07-08 23:30 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-08 23:29 - 2015-07-08 23:29 - 21942344 _____ C:\Users\webst\Desktop\RogueKillerX64.exe
2015-07-08 22:16 - 2015-07-08 22:16 - 02953707 _____ (Malwarebytes Corporation) C:\Users\webst\Desktop\JRT.exe
2015-07-08 22:16 - 2015-07-08 22:16 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RECHTS-PC-Windows-8.1-Pro-(64-bit).dat
2015-07-08 22:16 - 2015-07-08 22:16 - 00000000 ____D C:\RegBackup
2015-07-08 22:11 - 2015-07-08 22:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\webst\Downloads\tdsskiller.exe
2015-07-08 21:53 - 2015-07-08 21:53 - 02244096 _____ C:\Users\webst\Downloads\adwcleaner_4.207.exe
2015-07-08 00:17 - 2014-08-30 19:33 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150708-001733.backup
2015-07-07 23:15 - 2015-07-07 23:15 - 00001437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-07 23:15 - 2015-07-07 23:15 - 00001425 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-07 23:15 - 2015-07-07 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-07 23:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-07-07 23:14 - 2015-07-07 23:14 - 01198368 _____ C:\Users\webst\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-07-06 08:17 - 2015-07-06 08:17 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\52CF4773.sys
2015-07-05 17:20 - 2015-07-05 17:20 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\webst\Downloads\UseNeXTSetup_5.64 (1).exe
2015-07-05 17:20 - 2015-07-05 17:20 - 00001885 _____ C:\Users\webst\Desktop\UseNeXT by Tangysoft.lnk
2015-07-03 18:38 - 2015-07-03 18:38 - 00014767 _____ C:\Users\webst\Desktop\bruschatta.odt
2015-07-03 18:01 - 2015-07-03 18:01 - 00419080 _____ C:\WINDOWS\Minidump\070315-22656-01.dmp
2015-07-01 21:48 - 2015-07-03 18:01 - 517986007 _____ C:\WINDOWS\MEMORY.DMP
2015-07-01 21:48 - 2015-07-01 21:48 - 01057104 _____ C:\WINDOWS\Minidump\070115-28281-01.dmp
2015-07-01 19:34 - 2015-07-01 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-06-28 21:37 - 2015-06-28 21:37 - 00001146 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-28 21:36 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-28 21:36 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-28 21:36 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-27 20:14 - 2015-06-27 20:16 - 1549615104 _____ C:\Users\webst\Downloads\linuxmint-17.1-cinnamon-64bit.iso
2015-06-27 18:40 - 2015-06-27 18:40 - 00002093 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-06-27 18:40 - 2015-06-17 08:03 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-27 18:38 - 2015-06-27 18:38 - 00562272 _____ (Oracle Corporation) C:\Users\webst\Downloads\chromeinstall-8u45 (1).exe
2015-06-27 18:38 - 2015-06-27 18:34 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-27 18:32 - 2015-06-27 18:32 - 00562272 _____ (Oracle Corporation) C:\Users\webst\Downloads\chromeinstall-8u45.exe
2015-06-25 22:07 - 2015-06-17 11:10 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 17724600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 15224784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 12855416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-25 22:07 - 2015-06-17 11:10 - 03395648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00879000 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-25 22:07 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-25 21:34 - 2015-06-24 13:36 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-25 21:34 - 2015-06-24 13:36 - 01320120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-25 21:33 - 2015-06-25 21:33 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 21:33 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-25 21:33 - 2015-05-19 05:14 - 00061616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-25 21:33 - 2015-05-19 05:14 - 00057520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-20 17:21 - 2015-06-20 17:21 - 00012601 _____ C:\Users\webst\Desktop\nl.odt
2015-06-17 19:07 - 2015-06-17 19:07 - 02633128 _____ C:\Users\webst\Downloads\mediencenter_pc_sync.exe
2015-06-17 19:05 - 2015-06-17 19:05 - 00010480 _____ C:\Users\webst\Desktop\controller.odt
2015-06-14 21:10 - 2015-06-14 21:10 - 00002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-14 21:10 - 2015-06-14 21:10 - 00002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-14 21:10 - 2015-06-14 21:10 - 00002068 _____ C:\Users\Public\Desktop\Google Docs.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 00:09 - 2014-09-30 16:37 - 02028940 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-11 00:08 - 2014-09-30 16:39 - 00390876 _____ C:\WINDOWS\setupact.log
2015-07-11 00:07 - 2015-05-20 18:02 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 00:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-11 00:02 - 2012-11-27 02:16 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3858550174-89373323-3384911765-1001
2015-07-10 23:59 - 2012-11-29 01:07 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{04AACD24-98CB-4621-B465-62473BB835A0}
2015-07-10 23:58 - 2014-12-08 23:35 - 00000000 ___RD C:\Users\webst\Google Drive
2015-07-10 23:58 - 2014-11-30 20:40 - 00000000 ____D C:\ProgramData\TwonkyServer
2015-07-10 23:58 - 2014-03-01 14:43 - 00000000 __RDO C:\Users\webst\SkyDrive
2015-07-10 23:58 - 2013-10-30 18:53 - 00000000 ___RD C:\Users\webst\Mediencenter
2015-07-10 23:58 - 2013-10-22 06:38 - 00000000 ____D C:\Users\webst\AppData\Local\Deployment
2015-07-10 23:57 - 2015-05-20 18:02 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 23:57 - 2015-05-06 21:35 - 00000298 _____ C:\WINDOWS\Tasks\AbelssoftPreloader.job
2015-07-10 23:57 - 2015-02-21 17:16 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 23:57 - 2013-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-10 23:57 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-10 23:55 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-10 23:54 - 2013-10-20 02:57 - 00000000 ____D C:\Users\webst
2015-07-10 23:20 - 2013-10-30 21:10 - 00000000 ____D C:\AdwCleaner
2015-07-10 23:18 - 2013-09-10 20:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-09 21:59 - 2013-10-23 13:47 - 00000000 ____D C:\Users\webst\AppData\Roaming\ClassicShell
2015-07-08 21:18 - 2013-09-10 20:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-08 20:36 - 2013-05-15 21:58 - 00002636 _____ C:\WINDOWS\Sandboxie.ini
2015-07-08 20:18 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-07 23:21 - 2013-10-30 19:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-07 23:15 - 2013-10-30 19:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-07 23:12 - 2014-11-23 13:45 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 23:12 - 2014-05-16 18:06 - 00000000 ____D C:\Users\webst\VMLites
2015-07-07 22:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-06 12:41 - 2013-09-30 06:12 - 02419734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-06 12:41 - 2012-08-02 12:49 - 01153556 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-06 12:41 - 2012-08-02 12:49 - 00273612 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-06 08:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-05 20:21 - 2014-04-14 18:58 - 00000000 ____D C:\Users\webst\AppData\Roaming\UseNeXT
2015-07-05 17:20 - 2014-04-14 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-07-05 17:20 - 2014-04-14 18:58 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2015-07-05 15:53 - 2012-08-07 16:14 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-07-03 18:01 - 2013-10-24 19:19 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-01 23:02 - 2015-04-25 19:19 - 00000000 ____D C:\Users\webst\AppData\Roaming\Usenet.nl
2015-07-01 23:02 - 2012-08-07 20:08 - 00000000 ____D C:\Users\webst\AppData\Roaming\vlc
2015-06-28 21:37 - 2015-02-21 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-28 21:37 - 2015-02-21 17:16 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-27 19:56 - 2014-05-08 21:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-27 19:54 - 2012-08-04 22:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-27 18:40 - 2013-12-08 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-27 18:40 - 2013-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-27 18:38 - 2015-01-25 14:46 - 00000000 ____D C:\Program Files\Java
2015-06-27 18:38 - 2014-09-06 20:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-27 18:32 - 2014-02-12 16:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-25 22:10 - 2015-05-27 19:04 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-25 22:08 - 2013-10-20 02:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-25 21:34 - 2013-12-08 02:43 - 00001435 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-24 13:36 - 2014-06-03 13:06 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-24 13:36 - 2014-06-03 13:06 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-17 08:48 - 2015-05-27 19:07 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-17 08:48 - 2013-10-20 02:51 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-14 21:10 - 2014-12-08 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-09-10 12:14 - 2014-02-19 16:04 - 1383399 _____ () C:\Users\webst\AppData\Roaming\Ansichten.pdf
2014-08-31 18:51 - 2014-08-31 18:51 - 0000000 _____ () C:\Users\webst\AppData\Roaming\gdfw.log
2014-08-31 18:50 - 2014-09-05 18:49 - 0001755 _____ () C:\Users\webst\AppData\Roaming\gdscan.log
2014-10-18 18:41 - 2014-10-18 18:42 - 0001916 _____ () C:\Users\webst\AppData\Roaming\MyMicroBalanceConfig.ini
2014-09-10 12:14 - 2014-02-19 13:34 - 0810221 _____ () C:\Users\webst\AppData\Roaming\Spende.pdf
2013-07-27 00:03 - 2014-03-18 16:35 - 0000081 _____ () C:\Users\webst\AppData\Roaming\WB.CFG
2012-12-03 12:34 - 2012-12-03 14:40 - 0000036 _____ () C:\Users\webst\AppData\Local\housecall.guid.cache
2012-09-23 21:38 - 2012-09-23 21:38 - 0000236 _____ () C:\Users\webst\AppData\Local\LaunchHomeCenter.log
2015-03-12 03:14 - 2015-03-12 03:14 - 0001558 _____ () C:\Users\webst\AppData\Local\recently-used.xbel
2012-11-27 03:53 - 2012-11-27 03:53 - 0000017 _____ () C:\Users\webst\AppData\Local\resmon.resmoncfg
2012-08-02 13:33 - 2012-08-02 13:33 - 0017408 _____ () C:\Users\webst\AppData\Local\WebpageIcons.db
2013-11-19 19:29 - 2013-11-19 19:29 - 0000011 _____ () C:\ProgramData\.tv7
2014-05-27 19:20 - 2014-05-27 19:20 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-02-12 16:45 - 2014-02-12 16:45 - 0000038 _____ () C:\ProgramData\InstallerWebUI.ini

Some files in TEMP:
====================
C:\Users\webst\AppData\Local\Temp\dllnt_dump.dll
C:\Users\webst\AppData\Local\Temp\Quarantine.exe
C:\Users\webst\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-09 21:42

==================== End of log ============================
         

11.07.2015, 13:00   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Hi,

Addition.txt is still missing.

11.07.2015, 13:57   #3
snuggel123
 
Here: (it doesn't all fit into one post, after all) :-)

Additional FRST Logfile:

Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by webst at 2015-07-11 00:10:45
Running from C:\Users\webst\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3858550174-89373323-3384911765-500 - Administrator - Disabled)
Guest (S-1-5-21-3858550174-89373323-3384911765-501 - Limited - Enabled)
Joerg (S-1-5-21-3858550174-89373323-3384911765-1020 - Administrator - Enabled) => C:\Users\Joerg
UpdatusUser (S-1-5-21-3858550174-89373323-3384911765-1035 - Limited - Enabled)
webst (S-1-5-21-3858550174-89373323-3384911765-1001 - Administrator - Enabled) => C:\Users\webst

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY Screenshot Reader (HKLM-x32\...\{F9000000-0015-0000-0000-074957833700}) (Version: 9.010.483.59810 - ABBYY)
ABViewer 9 (HKLM-x32\...\ABViewer 9_is1) (Version: 9.0.0.5 - Soft Gold Ltd.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aiseesoft Total Video Converter 7.1.30 (HKLM-x32\...\{E09CEBAA-4435-4404-8D82-4C029F6391E4}_is1) (Version: 7.1.30 - Aiseesoft Studio)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.17.01504 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Ihr Firmenname)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Ihr Firmenname) Hidden
Alcor Micro USB Card Reader (x32 Version: 4.4.17.01504 - Alcor Micro Corp.) Hidden
Alt.Binz Prepaid Usenet edition Version 0.39.14 (HKLM-x32\...\{6B87C531-F762-46BA-AC33-C88B1CC7D83B}_is1) (Version: 0.39.14 - Prepaid usenet)
Amazon Cloud Drive (HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon)
Angry Birds Seasons (HKLM-x32\...\{F3FDA09C-57AA-40CC-A555-FED7EF421E7E}) (Version: 2.4.1 - Rovio)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 141 - Abelssoft)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.7.0 - SlySoft)
Arena 3.0 (HKLM-x32\...\Arena 3.0_is1) (Version:  - )
Arena 3.5 (HKLM-x32\...\Arena 3.5_is1) (Version:  - )
ASRock InstantBoot v1.24 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
BILD Steuer 2014 (HKLM-x32\...\{6095D412-A42B-4A41-8286-135111F0CB84}) (Version: 19.06.72 - Akademische Arbeitsgemeinschaft)
BILD Steuer 2015 (HKLM-x32\...\{90B7E6F3-25B5-4B5E-B9F5-ACA6287489E4}) (Version: 20.20.70 - Akademische Arbeitsgemeinschaft)
BILD-Steuer 2011 (HKLM-x32\...\{F2C7A130-9C68-41C4-A8E7-985DFFBD01DF}) (Version: 16.16 - Akademische Arbeitsgemeinschaft Verlag)
BILD-Steuer 2013 (HKLM-x32\...\{33030435-243F-4111-BD25-C6A447E8A84F}) (Version: 18.02 - Wolters Kluwer Deutschland GmbH)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
calibre (HKLM-x32\...\{87CE002F-33CD-4C3A-95CA-6EC98DC1A6C3}) (Version: 0.9.21 - Kovid Goyal)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
COMPUTER BILD Account-Alarm (HKLM-x32\...\{04B0A9F1-070A-4C32-A575-6D2DC8F5C52E}) (Version: 1.0.3 - J3S)
COMPUTER BILD-Film-Finder 2015 (HKLM-x32\...\{56A5546C-A837-48BA-86D4-315F5C7E76BF}) (Version: 2.0.0 - J3S)
COMPUTERBILD-Abzockschutz (HKLM-x32\...\{BF4F111D-DEBF-4A93-88A1-E0B42385B9C8}) (Version: 1.0.57 - J3S)
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo  (HKLM-x32\...\CrystalDiskInfo) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0387 - Disc Soft Ltd)
DateiCommander15 (HKLM-x32\...\DateiCommander 15 Basic_is1) (Version:  - Christian Lütgens)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dr. Hardware 2014 14.5d (HKLM-x32\...\Dr. Hardware 2014_is1) (Version:  - Peter A. Gebhard)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
EaseUS Data Recovery Wizard 8.5 (HKLM\...\EaseUS Data Recovery Wizard 8.5_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 8.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Elite Dangerous Launcher version 0.4.1765.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.1765.0 - Frontier Developments)
ePUB to Kindle Maker version 2.4.0 (HKLM-x32\...\{16B27DB6-5F97-47A5-9FD7-1B8440B5E42E}_is1) (Version: 2.4.0 - EPUB TO KINDLE, Inc.)
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
F1 2011 (x32 Version: 1.0.0000.129 - Codemasters) Hidden
F1 2011 (x32 Version: 1.0.0001.129 - Codemasters) Hidden
F1 2011 (x32 Version: 1.0.0002.129 - Codemasters) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Fischer Weltalmanach 2014 (HKLM-x32\...\InstallShield_{1281E7EE-3274-4221-8C73-33C20181EE10}) (Version: 1.00.0000 - USM)
Fischer Weltalmanach 2014 (x32 Version: 1.00.0000 - USM) Hidden
FM PDF To JPG Converter Pro 2.1 (HKLM-x32\...\FM PDF To JPG Converter Pro_is1) (Version: 2.1 - )
Free PDF To JPG Converter 3.2 (HKLM-x32\...\Free PDF To JPG Converter_is1) (Version: 3.2 - )
Fritz 12 (HKLM-x32\...\{4F4182DA-3D58-41E3-913D-480F8DA5C863}) (Version: 12.0.0 - ChessBase)
Fritz 12 (x32 Version: 12.0.0 - ChessBase) Hidden
Fritz11 (HKLM-x32\...\{1A637513-CC46-4C3B-8114-1E4F1D71CF42}) (Version: 11 - ChessBase)
Fritz11 (x32 Version: 11 - ChessBase) Hidden
Geek Uninstaller  (HKLM-x32\...\Geek Uninstaller) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 2.53.0.1726 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.53.0.1726 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 5.0.000 - Abelssoft)
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Grand Theft Auto V - The Manual (HKLM-x32\...\{752EBD91-8B95-42B5-8692-A7243A6EEEA9}) (Version: 1.0.0 - Rockstar Games)
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IObit Apps Toolbar v7.0 (HKLM-x32\...\{4ED7341F-1942-4623-A27C-9C4F3838172F}) (Version: 7.0 - Spigot, Inc.) <==== ATTENTION
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.1 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeyDepot (HKLM\...\KeyDepot_is1) (Version: 3.10 - Abelssoft)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Center Control (HKLM-x32\...\{21ACF6E8-4A4C-4596-9B0F-4FAE7D40D8A4}) (Version: 1.6.6.0 - Markus Gehlhaar)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC100_CRT_x64 (HKLM\...\{17106CA8-E65A-4D02-95BE-79AF8C698935}) (Version: 1.0.0 - Microsoft)
MKVToolNix 7.0.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
Mouse Editor (HKLM-x32\...\InstallShield_{8496B9A5-F260-4DF0-BCB3-4BA59FDC10BB}) (Version: 10.05.0004 - Ihr Firmenname)
MOUSE Editor (x32 Version: 10.05.0004 - Ihr Firmenname) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MyFreeCodec) (Version:  - )
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2013 - Abelssoft)
MyMicroBalance (HKLM-x32\...\{D5D2D341-52AE-4811-9BFF-85FE26C23721}) (Version: 3.0.0 - startzentrum GmbH & Co KG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
News File Grabber 4.6.0.4 (HKLM-x32\...\News File Grabber_is1) (Version:  - RSBR-Software)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 340.43 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Partition Manager™ 14 Home Demo (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC-Putzer 2015 (HKLM-x32\...\PC-Putzer 2015_is1) (Version: 19.1 - Abelssoft)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Philips Phone Manager (HKLM-x32\...\{A1251409-ABB0-4D7F-888C-9180AD1BA982}) (Version: 2.0.8.1 - Philips)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Rybka 4 (HKLM-x32\...\{F9683839-1A7F-4874-91B7-64CDF4AC4679}) (Version: 12.0.0 - ChessBase)
Rybka 4 (x32 Version: 12.0.0 - ChessBase) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:24 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.143 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.2.3.0 - PacketVideo)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WIA-Loader 1.8.5.0 (HKLM-x32\...\WIA-Loader_is1) (Version:  - Patrick Mortara)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Koninklijke Philips Electronics N.V. (usbser) Ports  (05/31/2012 6.0.0.0) (HKLM\...\119046B6D39BBB85A700BB4D451858A003C331AC) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.)
Windows-Treiberpaket - Koninklijke Philips Electronics N.V. (usbser) Ports  (05/31/2012 6.0.0.0) (HKLM\...\4D59E7849DD13622C7CD9736C3BC8D67F8FF1F23) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.)
Windows-Treiberpaket - Koninklijke Philips Electronics N.V. (usbser) Ports  (05/31/2012 6.0.0.0) (HKLM\...\768E87C91FF81FF582D166E1AC9D74633D9B741D) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.)
Windows-Treiberpaket - Koninklijke Philips Electronics N.V. (usbser) Ports  (05/31/2012 6.0.0.0) (HKLM\...\C24BC9096B2E5D1847B32CB5C18C05C9AA99B843) (Version: 05/31/2012 6.0.0.0 - Koninklijke Philips Electronics N.V.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wise Auto Shutdown 1.39 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.39 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.20 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 3.2.4 - WiseCleaner.com, Inc.)
Wise Memory Optimizer 3.24 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.24 - WiseCleaner.com, Inc.)
Wise Program Uninstaller 1.63 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.63 - WiseCleaner.com, Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{08bd35f0-8d5d-43fa-957c-9704bb7592ca}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{0cf70391-a2e1-4839-8124-08fa57d8d8ea}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{1898dc91-f8ce-4d64-9b22-0c28db2eae64}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{23a8a29f-41ac-42e2-a8d3-1a6633ad091a}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{317bcc02-0ceb-4664-a241-12a3d6d0f7a1}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{32f05004-8cbd-4372-9af9-1c2a95b44393}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}\InprocServer32 -> C:\Users\webst\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection64.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{3e334501-d08e-46d6-bae8-0b8e4edae473}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{676d9804-28d5-45bf-988b-4f3905eeeec5}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{75ae8cca-5cd8-4c0b-a0b8-91cae2690d74}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{b91d32f9-5f0f-4dd0-9f78-64509314d15a}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{c30bf15e-224f-4aaf-8d22-9f1c3722e6f3}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{dacb8bf4-6497-46bf-90d2-945d9bbc6240}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{F14E5118-342E-45E8-B99F-B5786E4F4DCA}\InprocServer32 -> C:\Users\webst\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection64.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-3858550174-89373323-3384911765-1001_Classes\CLSID\{ff23c4d8-7a2f-4deb-ad4a-baa00ad95215}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

05-07-2015 13:56:07 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-07-09 22:25 - 00000768 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1	localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05002E43-EB69-4DA4-BA0B-189CEFA2A319} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {05D49D9A-7D85-466A-8832-47EC19D7DA78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {071EA5E2-0F3D-4A9A-B397-942F7E8C26E7} - System32\Tasks\Run Media Center Control => C:\Program Files (x86)\Media Center Control\MCC Server.exe [2014-01-07] ()
Task: {0D3E3304-8E28-4A58-8953-530181633098} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {100F4601-16A4-4E1E-A965-9EF56F51AFAB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1200FAFC-0DB2-48E6-ABE9-CCD7C193B01D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {14BE3478-F7C5-4B3B-A055-D46F02BE5F5D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {16995334-56C3-431E-837F-34167DA4879B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1829A6DC-94E6-471D-8912-34EF0F0A6142} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1E76E79C-BAF4-4FB9-AE66-9B2C8A87824D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3858550174-89373323-3384911765-1001Core => C:\Users\webst\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {24A30111-9798-49A3-AF50-1F800D49837B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {26BCAD81-FDA4-4C4B-BD6E-366C1EFB49A4} - System32\Tasks\{58BF8C1C-89C5-42B1-BFDF-5444D6F5D0D1} => E:\Program Files (x86)\Codemasters\F1 2011\F1_2011.exe
Task: {2BA3BBF4-BB63-4DF1-8BE7-D194F9A7BEBE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {32C3F193-E474-48F5-A4AE-8A76FF2E6B46} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {34BBBDB8-BE2D-4642-943E-0FB2C3E41F3F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {353C4B94-CA36-41FB-B10A-6A96A4AA9D70} - System32\Tasks\{AB093EF2-8431-48F7-A152-B16615537E3B} => pcalua.exe -a C:\Users\webst\Downloads\lide60vst6411111a_64de.exe -d C:\Users\webst\Downloads
Task: {377C6674-7D4A-48C2-BC01-464AEE770A6B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {3AD13CC6-82CD-4EA7-A83E-FB358C8B7D6F} - System32\Tasks\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-07-16] (Abelssoft)
Task: {3F041A5C-6AA0-4BCA-86B1-D9611E553D41} - System32\Tasks\{C33A141E-78DC-443D-8D8F-761058412730} => pcalua.exe -a "C:\ProgramData\G Data\Setups\{85203592-3610-4FB9-AA11-15B2255B5A12}\setup.exe" -c /InstallMode=Uninstall /_DoNotShowChange=true
Task: {470C5797-0D26-4FAD-B813-15A57A24C4C5} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {4781B416-B10E-4EA7-8315-F2B6C2DC1B29} - System32\Tasks\{9B373F43-3EE1-4461-BDF0-6E6729C42648} => E:\Program Files (x86)\Codemasters\F1 2011\F1_2011.exe
Task: {4A9A8551-9459-43FC-A205-9A2EB76D4173} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4E14ABB0-7B80-4C2D-B836-8A857CCC0F93} - System32\Tasks\Core Temp Autostart webst => C:\Users\webst\Desktop\Core Temp.exe
Task: {4FF40D83-2629-423C-A1CF-4CE0E983BCDF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {52B17BAA-D4A5-4F8B-A820-765F08587E38} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {539E9EAC-2C58-4260-806B-C8E790828E15} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {55E13EB8-0D1E-4AC8-862E-F98BCA223289} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {5DDF47AE-60D3-4123-A2A1-E2F3BFB539A2} - System32\Tasks\{126BED91-61C8-4B52-954B-65A7CDBE7E1C} => pcalua.exe -a C:\Users\webst\Downloads\install_easyshare.exe -d C:\Users\webst\Downloads
Task: {68FFA6B4-1BDD-45E1-831C-D906EDA78D7D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {7F99BF45-294D-4F71-AAD0-83FBEFC7349C} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {804B88E4-AD1C-4767-85C0-E9347674868E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {90E17A64-BEDF-4474-ADF2-6F5A8ACBA76B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9247EEF8-2682-4B27-ADED-D30CF906118B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9340C121-BE0A-4736-A17C-403A18901247} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {969FAFBD-4601-4841-96BD-4FE0EB2E8792} - System32\Tasks\{07C238D3-D417-4055-8799-C7CBED61846C} => pcalua.exe -a "C:\Program Files (x86)\ExpressFiles\uninstall.exe"
Task: {A0DAE298-326B-41A2-9216-1257F499CB9C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A54E7EAF-F1A1-44B5-B7BF-0FAF8A26AC9B} - System32\Tasks\cFos\Registration Tasks\Open Browser => Chrome.exe "hxxp://www.cfos.de/de/cfosspeed/documentation/status.htm?sw-10.08.2216&amp;days=30"
Task: {A571338E-05B4-4F95-96D4-10BD8C475EBE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B23CF703-397A-4272-BC28-78761B977B6D} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {BA11907F-1F26-4D87-BC3E-0FE3B73C4CC0} - System32\Tasks\Update Media Center Control => C:\ProgramData\MCC_Service\update\MCC Installer.exe
Task: {BBE90043-C105-4729-ACD1-01B3520606E2} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {BD3465D1-6BCE-40CA-9741-654439A83BE8} - System32\Tasks\Google Updater and Installer => C:\Users\webst\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {C1368F7F-2120-4FAA-9C6C-BF2A627827BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {C6482DAD-D860-4730-881D-13D93CBDEAB0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C7269ED6-42C8-464A-BD3C-B0C7A52838FB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CE619B3A-5B39-4AB7-A1E0-73E35E1FA168} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D0A20C91-DAFF-45D9-B768-8196A694F755} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D2413BF1-86D3-44B0-9383-29F4E430196E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {D53F45BE-DE01-4E6A-9C02-839C9EAAEC98} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-02-10] (Microsoft)
Task: {D54FECA0-DC24-4D25-BAF0-85A6C7CFC61F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {D6B03B3B-1A48-4B90-B432-A612942D41FE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D8F378DF-84E8-4614-8CFE-3E200D13568F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D9DC7542-2BD4-4BC7-85AA-225A597A14BB} - System32\Tasks\Update Media Center Control (Server only) => C:\ProgramData\MCC_Service\update\MCC Installer.exe
Task: {E41BBE26-B90B-4ECA-AC60-AF7B10D8BE68} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E87A61B1-F867-4E29-B877-802903C78B77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {EE03564A-10E0-468D-BB89-148C374EA33A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F8C77E8E-65D3-4634-9417-DDB0B9A29CA9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FDE5FB5B-D892-4300-991B-3389B2153AF3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3858550174-89373323-3384911765-1001
Task: C:\WINDOWS\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CheckDriveBackgroundGuard.job => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-21 22:08 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-01-21 22:08 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-01-21 22:08 - 2015-01-20 18:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-01-21 22:08 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-06 20:51 - 2015-05-06 20:51 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpbr.mdl
2015-05-06 20:51 - 2015-05-06 20:51 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpdsp.mdl
2015-05-06 20:51 - 2015-05-06 20:51 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpph.mdl
2015-05-06 20:51 - 2015-05-06 20:51 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttprbl.mdl
2013-10-20 02:51 - 2015-06-17 08:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-06-04 10:53 - 2008-06-04 09:53 - 00027648 _____ () C:\WINDOWS\System32\spd__l.dll
2009-09-01 05:31 - 2009-09-01 05:31 - 00022016 _____ () C:\WINDOWS\System32\ssp2ml6.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\AAVUpdateManager\aavus.exe
2015-01-20 00:03 - 2014-12-15 02:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2013-10-12 02:29 - 2013-10-12 02:29 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-05-23 15:57 - 2013-05-23 15:57 - 00885576 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
2013-05-23 15:58 - 2013-05-23 15:58 - 02204488 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
2015-01-21 22:08 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00137256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2015-07-07 23:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-07 23:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-07 23:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-07 23:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-07 23:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-20 00:03 - 2014-12-15 01:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2013-05-23 15:58 - 2013-05-23 15:58 - 00222024 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll
2015-06-25 21:34 - 2015-06-24 13:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-08-07 11:39 - 2014-08-07 11:39 - 00014336 _____ () C:\Program Files (x86)\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2015-07-07 23:12 - 2015-07-07 05:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 23:12 - 2015-07-07 05:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-10 23:58 - 2015-07-10 23:58 - 00098816 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32api.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00110080 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\pywintypes27.dll
2015-07-10 23:58 - 2015-07-10 23:58 - 00364544 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\pythoncom27.dll
2015-07-10 23:58 - 2015-07-10 23:58 - 00045568 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_socket.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 01161216 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_ssl.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00320512 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32com.shell.shell.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00713216 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_hashlib.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 01175040 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._core_.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00805888 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._gdi_.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00811008 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._windows_.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 01062400 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._controls_.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00735232 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._misc_.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00682496 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\pysqlite2._sqlite.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00087552 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_ctypes.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00119808 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32file.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00108544 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32security.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00007168 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\hashobjs_ext.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00026624 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\usb_ext.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00167936 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32gui.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00018432 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32event.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00128512 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_elementtree.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00127488 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\pyexpat.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00013824 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\common.time34.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00036864 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_psutil_windows.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00038912 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32inet.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00011264 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32crypt.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00070656 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._html2.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00027136 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_multiprocessing.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00020480 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\_yappi.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00035840 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32process.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00686080 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\unicodedata.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00122368 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._wizard.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00024064 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32pipe.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00010240 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\select.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00025600 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32pdh.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00525640 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\windows._lib_cacheinvalidation.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00017408 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32profile.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00022528 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\win32ts.pyd
2015-07-10 23:58 - 2015-07-10 23:58 - 00078336 _____ () C:\Users\webst\AppData\Local\Temp\_MEI75442\wx._animate.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\webst\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\webst\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\webst\Downloads\Adaware_Installer_11.3.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\cFosSpeed - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\download-adblock-chrome.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\Dr Hardware 2014 - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\epm_trial.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\Firefox Setup Stub 38.0.1.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\FM-PDF-To-JPG-Converter-Pro-Setup.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\Free-PDF-To-JPG-Converter-32Setup.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\gimp-2.8.14-setup.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\iview438g_setup.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\jdk-8u31-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\jdk-8u40-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\Kies3Setup.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\Knoppix - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\mbam-setup-2.0.4.1028.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\Nicht bestätigt 630180.crdownload:BDU
AlternateDataStreams: C:\Users\webst\Downloads\pdf24-creator-6.9.2.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\SetupShredderClassic4.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\SG TCP Optimizer - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\UsenetNLSetup_1.30.exe:BDU
AlternateDataStreams: C:\Users\webst\Downloads\UseNeXTSetup_5.64.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\WALLPAPER.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupreg: EKStatusMonitor => 
HKLM\...\StartupApproved\StartupFolder: => "Trend Micro SafeSync.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "HTC Sync Loader"
HKLM\...\StartupApproved\Run32: => "Conime"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Sweetpacks Communicator"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "PrivitizeVPN"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "SearchSettings"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "GamingMouse"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\Run: => "BrowserChoice"
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\StartupApproved\Run: => "GoogleRadar"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{1D3E3606-4E0C-43C5-ABAB-6350F93EF7AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{55BB1513-E639-4F49-97B1-4BF1BA7FB05D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0BCA122F-6757-4FD5-BD47-9CB477CFEAF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4BDA716B-40D1-4870-9E78-A077303546A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{88C4758B-D0E4-41A9-BA9B-FE2ABB2C4ED7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EEABA0F5-AE3E-4027-B22B-243C45F06087}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7276D876-6B7A-482F-8E7A-6F8DA9E4ECC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B1FD3F97-306A-4488-94B5-59068A09874D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BDD671E6-B27E-476E-8D34-89E8B5400D60}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A6954469-C588-49C4-AE77-9AE8816E1576}] => (Allow) LPort=5353
FirewallRules: [{64CA77BF-AE53-42A1-B1B0-FBEB6BF7CEF0}] => (Allow) LPort=9322
FirewallRules: [UDP Query User{DA6117F7-A42F-469A-B97C-848FF55322B0}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{AF4DAFCC-0EA0-4250-AD68-DDAE41D34EC5}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe
FirewallRules: [{28096E21-BE96-4EFD-96B5-3E054E47912F}] => (Allow) LPort=1900
FirewallRules: [{8ADDD5D4-776F-4DEF-8953-C25D072E3C19}] => (Allow) LPort=2869
FirewallRules: [{66D97BF4-7503-4BDF-8EA1-3993A88BF595}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{28A0B78D-F53A-4896-931E-400A958017A1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BA495AE4-8D6B-4079-851D-E98163CA0B80}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8CAA6927-C553-407D-8B9E-722D806D4E07}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D505D524-B01A-48AE-865F-381F7D4EAFC8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{33059EB6-04E8-4B8A-B851-6202F5894482}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8B4EEFA5-30E5-4CC4-94D7-CF70539CB1E6}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{4F457801-FE35-48BE-9699-D2FA0920BE7E}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
FirewallRules: [{48C1A766-E6A6-4EC9-B4DE-6330BFF15B57}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
FirewallRules: [{6BCDCCF9-7E83-480F-8467-0642B59126D4}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TbService.exe
FirewallRules: [{24CBD471-5B77-4B28-BC80-33CB4C1BCFE1}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TbService.exe
FirewallRules: [{D7FE4AD0-FB7B-40C2-AD5B-A2AFF151F37D}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{DF79003F-ECBD-4324-816A-BA6ECA1DDE7E}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{DE9F920A-59BC-4DEC-8AD8-BE9D432655A2}] => (Allow) LPort=5353
FirewallRules: [{107EBFC4-4B4C-4C16-A963-50547142A9F2}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{4953BAF8-D9FC-4B77-88D8-8A7712688E47}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3A5A2922-BEE1-4806-8537-E6D55D3C08F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{54FC2333-F6C3-4750-B6FE-ACE3B3C4EA87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0220B681-E57D-46B3-83A2-9F7D79DD1032}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{055C1C6B-10CC-4047-A382-F38638DA5D17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27A298A4-1E9C-41B9-B465-8CB738D68F11}] => (Allow) L:\Battle.net\Battle.net.exe
FirewallRules: [{CD04CDEA-5A71-4883-B6DA-7D00DE5A0080}] => (Allow) L:\Battle.net\Battle.net.exe
FirewallRules: [{00970529-0C9A-45AE-A10F-D48EA571E323}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1DB7AB1E-B655-4FDA-ABC0-8E0FCC4530FC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5C43D8D9-40E2-4BEF-AB6F-DA263A993B82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F8F6B1AF-991E-4275-84B6-92F5897F6E69}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B699DC9B-1493-4100-9E0A-9711D0040E63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE7A4378-FDB9-4009-A3D8-089EDF7B7BEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1BC716F9-574C-4C99-9D6B-C423A15B35FD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{33567BD9-60A0-411C-A426-B731F7D585B2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{65AEA234-6AE0-42DC-ABBF-F4ED791AEA10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C0690558-91FD-49F1-8939-988D4F921C0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EFAED7AF-EE87-4544-A7B5-A2B46F8A10D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E6BF8F43-A222-429C-9155-02F554620542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5826263A-3C90-4B7D-B134-1A6590F8E746}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4769C44B-1567-4346-909B-01D71F21EB83}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0B87D580-D7ED-4A14-AFCE-F78DFC6B6E39}] => (Allow) C:\Program Files (x86)\Media Center Control\MCC Server.exe
FirewallRules: [{B2E0A544-81F1-448A-9AB5-B27B8FB76596}] => (Allow) C:\Program Files (x86)\Media Center Control\MCC Service.exe
FirewallRules: [{93066288-D6FC-45E3-94C5-0572F333D7BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{21EC2592-5BCD-433D-976F-BDC6194AAE7E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4EDB5EFB-C196-497B-BC10-CDD1ED43A320}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D938BEF2-090C-4CC1-9FC9-8D9FC4C3A79C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D84B4E97-C645-45A9-9582-3F2AED00B4D9}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{16B91582-DBFA-41A5-8167-599DCD27FEE0}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{BFAE6C50-292E-4337-8E14-35C2639396DA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9351FE30-0898-46EA-A627-453A387DD997}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DC82F826-2E69-46E1-84A7-9A4C7BB71C5A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1C9C759C-3CE9-4421-9821-8EDA6924C231}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3659B125-60E3-4BB6-B023-62BEF0CBBF1F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{256B2643-E400-46CF-AE59-5B0E61B7A990}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{8CD758C4-5315-4167-8FFA-8102A35EE54C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{88F0E05D-0469-4B29-8C7E-9F592EF7AA2B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3B7D02AD-B366-44E0-97C0-4D9C7C0E6CD6}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{E4642B43-8B6C-4A3E-BB33-F81DD1424955}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{E23D2A1D-D169-448D-9412-D6682B7131D6}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{D36124E2-8E0A-4A98-B10D-EBDCC2EC1D45}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{DC2A5B40-B0A9-4B3E-B163-ADC273ADF7CD}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{F72941E4-5F29-4D38-A5A0-93DFA6711AE9}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{0AB6B704-B01E-44DB-A50E-9F7759CC9451}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{6D9257EF-48F0-4920-98A9-AC468094D340}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{28C87EB7-99B0-4FA6-9C2D-BD3D12B11941}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TbService.exe
FirewallRules: [{947855D2-0BA2-4F8A-A6C5-223503A34945}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TbService.exe
FirewallRules: [{7EF2DF1B-6274-46B9-BCA8-D7CC79D59507}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{D5767B67-837C-4228-9317-3946672B36D3}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{E0AD2B4C-49A2-4D94-A284-EDCD0E7ABAC7}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{39B40890-A7BB-4215-934A-195339330595}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{344C1921-A94D-4390-B8EB-9F9D5ACA8051}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F454BB7-E3BB-40FF-8567-5D0ED621CC22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F6558CC-7EAA-4820-A916-88CCDD460BF8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{31009B7B-43B4-4F58-ADEE-13F1643E39E8}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{2307A013-3EE9-4B6F-BF8B-236CEE3BFF5F}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TodoBackupService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: VMLite Host-Only Ethernet Adapter
Description: VMLite Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMLite Inc.
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 11:57:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (07/10/2015 11:57:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (07/10/2015 11:57:16 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (07/10/2015 11:54:51 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (07/10/2015 11:54:50 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2015 11:54:50 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2015 11:54:50 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2015 11:54:50 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2015 11:54:50 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2015 11:54:50 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2015 11:54:50 PM) (Source: DCOM) (EventID: 10010) (User: RECHTS-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office:
=========================
Error: (07/10/2015 11:57:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (07/10/2015 11:54:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHTS-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141


CodeIntegrity Errors:
===================================
  Date: 2015-04-18 15:28:05.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 15:28:04.948
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 15:28:04.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 15:28:04.515
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 15:28:04.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 15:28:04.185
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 15:28:01.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 15:28:00.322
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 14:37:23.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-04-18 14:37:23.618
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 61%
Total physical RAM: 4095.3 MB
Available physical RAM: 1594.37 MB
Total Virtual: 8191.3 MB
Available Virtual: 5018.79 MB

==================== Drives ================================

Drive c: (Platte C: (Boot)) (Fixed) (Total:472.42 GB) (Free:249.2 GB) NTFS
Drive d: (Linux Mint 17.1) (CDROM) (Total:1.44 GB) (Free:0 GB) CDFS
Drive e: (Platte 2 / Spiele E:) (Fixed) (Total:345.57 GB) (Free:272.63 GB) NTFS
Drive f: (Safe USB) (Removable) (Total:7.4 GB) (Free:2.19 GB) NTFS
Drive l: (UsenetFiles) (Fixed) (Total:459 GB) (Free:120.61 GB) NTFS
Drive o: (Platte 2 / rest) (Fixed) (Total:296.51 GB) (Free:91.93 GB) NTFS
Drive s: () (Removable) (Total:7.41 GB) (Free:5.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 34EDD9FE)
Partition 1: (Active) - (Size=86 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=472.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 23F55897)
Partition 1: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=296.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.4 GB) - (Type=05)

========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 30F03C67)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.4 GB) (Disk ID: 5D8353DC)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0B)

==================== End of log ============================
         
--- --- ---

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-11 00:48:59
Windows 6.2.9200  x64 
Running: v1rl70gt.exe


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\CI\Telemetry@LastUpdate                                                                                   2015-07-09T17:59:07.0000000Z
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                               0xC5 0x16 0xA8 0x11 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime                                                                                  0xA8 0x78 0xAA 0x11 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                                                                              0x8B 0x00 0xD2 0xBA ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                           0xC3 0x9E 0xCF 0xBA ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-GB                                                                           936
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AVA225AE427AJA029803_29_07D7_DF^2F3A20B42A8A78F49319A943224CC413@Timestamp  0x15 0x4A 0x3E 0x12 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                880
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5EBF3E1E-F7EE-4BD3-8B35-A9211B0E948C}\Connection@Name     isatap.net
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                              4523004
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                               1971719663
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                               947
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                             447514726
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                            28818
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                4907070f-ff38-4af7-8ecf-8367334
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter                                                                    2
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter                                                                      7
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{32539b67-8a2f-4927-a9fd-2b70e6c257fd}@LastProbeTime                           1436569599
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{5EBF3E1E-F7EE-4BD3-8B35-A9211B0E948C}@ReusableType                           0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{5EBF3E1E-F7EE-4BD3-8B35-A9211B0E948C}@DefunctTimestamp                       0xBC 0x36 0x9C 0x55 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                                                                 ?Fr?, ?Jul ?10 ?15, 11:33:17???????????????????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFileScannerActive                                                         0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFirewallActive                                                            0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SDUpdateService@ServiceWebPortActive                                                                     0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                 76754
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                24741
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                             C:\Program Files (x86)\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                             0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                             0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                          0x65 0xB9 0xBC 0x07 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                       
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                 0x81 0xFA 0x73 0xC4 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                  
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                            0xF4 0xF3 0xC2 0x18 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                          933
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}@LeaseObtainedTime                     1436562397
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}@T1                                    1436605597
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}@T2                                    1436637997
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}@LeaseTerminatesTime                   1436648797
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining                                                 time.windows.com,7cbfe65???????????
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                                0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter                                                               4337
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count                                  1211
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count                                  461
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Logo100                                                                      %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-666859_100.dat
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                        0xAD 0x3E 0xE9 0x5E ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                   0xAD 0x3E 0xE9 0x5E ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter                                              5205
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter                                                0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                          0xAD 0x3E 0xE9 0x5E ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter                                             5205
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter                                               0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                         0xAD 0x3E 0xE9 0x5E ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime                                                           0x1B 0x4D 0xDB 0xC3 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                         LM%3d63572160187390%3bID%3dB464C958DD23D223!104%3bLR%3d63572160766460%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                          0x82 0x9B 0x49 0x03 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                           493
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime                                                       0x65 0x58 0xFB 0xB1 ...
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                     C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.9.9600.17729_f4d62e9e3e89196fbe7236f157f7cefd4a83c21d_00000000_05577d68
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog                                               0x78 0x05 0x09 0x00 ...
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog                                                             0x12 0x06 0x15 0x00 ...

---- EOF - GMER 2.1 ----
         
--- --- ---
__________________

12.07.2015, 11:13   #4
schrauber
/// the machine
/// TB trainer
 


Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German (Deutsch) as the language.
  • In the uninstaller field, search for the programs:

    IObit Apps Toolbar v7.0

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click on Scan, select the Threat Scan and click on Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click on Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click on History and then on Application Logs.
  • Select the most recent scan log and click on Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.07.2015, 14:28   #5
snuggel123
 

Hello, and thanks in advance for your help!

Now, one at a time, the (M)Bammmmm :-)

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 7/12/2015
Suchlaufzeit: 13:46
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.12.02
Rootkit-Datenbank: v2015.07.10.01
Lizenz: Premium-Version
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: webst

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 441269
Abgelaufene Zeit: 28 Min., 3 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:50131;https=127.0.0.1:50131, In Quarantäne, [3ba73da30c7ef54173c11de3976cdc24]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
ADW Cleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v4.208 - Bericht erstellt 12/07/2015 um 14:21:52
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : webst - RECHTS-PC
# Gestarted von : C:\Users\webst\Desktop\adwcleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.132


*************************

AdwCleaner[R0].txt - [17835 Bytes] - [30/10/2013 21:10:44]
AdwCleaner[R10].txt - [2017 Bytes] - [22/10/2014 13:19:00]
AdwCleaner[R11].txt - [4471 Bytes] - [08/07/2015 21:54:40]
AdwCleaner[R12].txt - [2612 Bytes] - [08/07/2015 23:00:31]
AdwCleaner[R13].txt - [2924 Bytes] - [09/07/2015 20:31:14]
AdwCleaner[R14].txt - [2984 Bytes] - [09/07/2015 21:14:08]
AdwCleaner[R15].txt - [3000 Bytes] - [09/07/2015 21:28:08]
AdwCleaner[R16].txt - [5188 Bytes] - [09/07/2015 23:53:47]
AdwCleaner[R17].txt - [2860 Bytes] - [12/07/2015 14:21:12]
AdwCleaner[R1].txt - [867 Bytes] - [30/10/2013 21:16:31]
AdwCleaner[R2].txt - [36307 Bytes] - [07/10/2014 00:12:44]
AdwCleaner[R3].txt - [1266 Bytes] - [07/10/2014 00:34:10]
AdwCleaner[R4].txt - [1327 Bytes] - [07/10/2014 00:35:32]
AdwCleaner[R5].txt - [1314 Bytes] - [07/10/2014 00:47:31]
AdwCleaner[R6].txt - [1374 Bytes] - [09/10/2014 00:08:30]
AdwCleaner[R7].txt - [1435 Bytes] - [09/10/2014 01:09:49]
AdwCleaner[R8].txt - [1555 Bytes] - [11/10/2014 02:59:40]
AdwCleaner[R9].txt - [1747 Bytes] - [17/10/2014 22:44:25]
AdwCleaner[S0].txt - [17638 Bytes] - [30/10/2013 21:11:00]
AdwCleaner[S10].txt - [2830 Bytes] - [09/07/2015 21:29:12]
AdwCleaner[S11].txt - [5018 Bytes] - [09/07/2015 23:54:49]
AdwCleaner[S12].txt - [2248 Bytes] - [12/07/2015 14:21:52]
AdwCleaner[S1].txt - [927 Bytes] - [30/10/2013 21:16:59]
AdwCleaner[S2].txt - [36836 Bytes] - [07/10/2014 00:15:07]
AdwCleaner[S3].txt - [1390 Bytes] - [07/10/2014 00:36:05]
AdwCleaner[S4].txt - [1496 Bytes] - [09/10/2014 01:20:26]
AdwCleaner[S5].txt - [1681 Bytes] - [17/10/2014 22:45:43]
AdwCleaner[S6].txt - [2077 Bytes] - [22/10/2014 13:21:13]
AdwCleaner[S7].txt - [3974 Bytes] - [08/07/2015 21:56:26]
AdwCleaner[S8].txt - [2440 Bytes] - [08/07/2015 23:01:15]
AdwCleaner[S9].txt - [3042 Bytes] - [09/07/2015 21:15:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [2839  Bytes] ##########
         
--- --- ---

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 8.1 Pro x64
Ran by webst on Sun 07/12/2015 at 14:37:52.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1F44CB0EF79C5A00329816E6692A365E



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\webst\AppData\Roaming\IObit\Driver Booster



~~~ Chrome


[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/12/2015 at 14:44:48.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 8.1 Pro x64
Ran by webst on Sun 07/12/2015 at 14:59:53.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1F44CB0EF79C5A00329816E6692A365E



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\webst\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/12/2015 at 15:06:29.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And finally, FRST once more :-)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by webst (administrator) on RECHTS-PC on 12-07-2015 15:12:33
Running from C:\Users\webst\Desktop
Loaded Profiles: webst (Available Profiles: webst & Joerg)
Platform: Windows 8.1 Pro (X64) OS Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-28] (Alcor Micro Corp.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-06] (Bitdefender)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [COMPUTERBILD-Abzockschutz] => C:\Program Files (x86)\COMPUTERBILD-Abzockschutz\bin\COMPUTERBILD-Abzockschutz.exe [537664 2014-04-15] (J3S GmbH)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [100864 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [8088488 2014-05-14] (SlySoft, Inc.)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleRadar] => C:\Program Files (x86)\GoogleClean\GoogleRadar.exe [1540096 2014-06-17] ()
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-25] (Bitdefender)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [70144 2014-02-25] (Steganos Software GmbH)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleChromeAutoLaunch_1F44CB0EF79C5A00329816E6692A365E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {5585cfe9-9a0e-11e3-811a-002522baf411} - "K:\setup.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {9bf800cc-4643-11e3-807a-806e6f6e6963} - "F:\zdata\cobi.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {b3611562-311c-11e4-823d-002522baf411} - "D:\zdata\cobi.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2014-11-30]
ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
Startup: C:\Users\webst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2013-12-21] ()
Startup: C:\Users\webst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2013-10-30]
ShortcutTarget: Mediencenter.lnk -> C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50131;https=127.0.0.1:50131
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> D3DFC7F3C04E40DBA16BBBB3D4EE9F74 URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-20] (IvoSoft)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
BHO-x32: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: 127.0.0.1	localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{AD9A15D4-3B70-42BD-9897-2085400DBD1B}: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\webst\AppData\Roaming\Mozilla\Firefox\Profiles\uwdjitzd.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-08] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-22]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-01-21]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR Profile: C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Adblock Plus) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-13]
CHR Extension: (Google Search) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Bitdefender Wallet) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-23]
CHR Extension: (AdBlock) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Top Eleven) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
CHR Extension: (Gmail) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2281248 2014-10-07] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MediaCenterControl; C:\Program Files (x86)\Media Center Control\MCC Service.exe [337408 2014-01-07] (Markus Gehlhaar) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-20] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10240 2014-10-29] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
S2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
S2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S4 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-06] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-25] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-25] (BitDefender)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-25] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-16] (BlueStack Systems)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-01-31] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-20] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2014-09-05] (G Data Software AG)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-06] (BitDefender LLC)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [43832 2012-10-03] (Logitech Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-20] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R1 SLEE_18_DRIVER; C:\WINDOWS\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-31] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]
U3 idsvc; No ImagePath
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 15:12 - 2015-07-12 15:12 - 02130944 _____ (Farbar) C:\Users\webst\Desktop\FRST64.exe
2015-07-12 15:12 - 2015-07-12 15:12 - 00000000 ____D C:\Users\webst\Desktop\FRST-OlderVersion
2015-07-12 15:06 - 2015-07-12 15:06 - 00001227 _____ C:\Users\webst\Desktop\JRT.txt
2015-07-12 14:35 - 2015-07-12 14:36 - 03034102 _____ (Malwarebytes Corporation) C:\Users\webst\Downloads\JRT.exe
2015-07-12 14:16 - 2015-07-12 14:16 - 00001343 _____ C:\Users\webst\Desktop\mbam.txt
2015-07-12 13:40 - 2015-07-12 13:40 - 00001314 _____ C:\Users\webst\Desktop\Revo Uninstaller.lnk
2015-07-12 13:40 - 2015-07-12 13:40 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-12 13:39 - 2015-07-12 13:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\webst\Downloads\revosetup95.exe
2015-07-11 00:48 - 2015-07-11 00:48 - 00010947 _____ C:\Users\webst\Desktop\gmer.log
2015-07-11 00:19 - 2015-07-11 00:58 - 00058298 _____ C:\Users\webst\Desktop\eins.odt
2015-07-11 00:17 - 2015-07-11 00:17 - 00380416 _____ C:\Users\webst\Downloads\v1rl70gt.exe
2015-07-11 00:10 - 2015-07-11 00:11 - 00084059 _____ C:\Users\webst\Desktop\Addition.txt
2015-07-11 00:09 - 2015-07-12 15:12 - 00032529 _____ C:\Users\webst\Desktop\FRST.txt
2015-07-11 00:09 - 2015-07-12 15:12 - 00000000 ____D C:\FRST
2015-07-11 00:07 - 2015-07-11 00:07 - 02112512 _____ (Farbar) C:\Users\webst\Downloads\FRST64.exe
2015-07-10 23:54 - 2015-07-10 23:54 - 00000662 _____ C:\Users\webst\Desktop\defogger_disable.log
2015-07-10 23:54 - 2015-07-10 23:54 - 00000198 _____ C:\Users\webst\defogger_reenable
2015-07-10 23:53 - 2015-07-10 23:52 - 00050477 _____ C:\Users\webst\Desktop\Defogger.exe
2015-07-10 23:52 - 2015-07-10 23:52 - 00050477 _____ C:\Users\webst\Downloads\Defogger.exe
2015-07-09 22:07 - 2015-07-11 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-07-09 22:07 - 2015-07-11 02:37 - 00000000 ____D C:\Program Files\RogueKiller
2015-07-09 22:07 - 2015-07-09 22:07 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-09 22:07 - 2015-07-09 22:07 - 00000880 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-07-09 22:06 - 2015-07-09 22:07 - 22640336 _____ (Adlice Software ) C:\Users\webst\Downloads\setup.exe
2015-07-09 20:29 - 2015-07-09 20:29 - 02248704 _____ C:\Users\webst\Desktop\adwcleaner_4.208.exe
2015-07-09 19:46 - 2015-07-09 19:46 - 00000000 ____D C:\Users\webst\Downloads\backups
2015-07-09 19:43 - 2015-07-09 19:43 - 00016285 _____ C:\Users\webst\Downloads\hijackthis.log
2015-07-09 19:40 - 2015-07-09 19:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\webst\Downloads\hijackthis.exe
2015-07-08 23:33 - 2015-07-11 00:37 - 00000000 ____D C:\Users\webst\AppData\Local\CrashDumps
2015-07-08 23:30 - 2015-07-11 02:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-08 23:29 - 2015-07-08 23:29 - 21942344 _____ C:\Users\webst\Desktop\RogueKillerX64.exe
2015-07-08 22:16 - 2015-07-08 22:16 - 02953707 _____ (Malwarebytes Corporation) C:\Users\webst\Desktop\JRT.exe
2015-07-08 22:16 - 2015-07-08 22:16 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RECHTS-PC-Windows-8.1-Pro-(64-bit).dat
2015-07-08 22:16 - 2015-07-08 22:16 - 00000000 ____D C:\RegBackup
2015-07-08 22:11 - 2015-07-08 22:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\webst\Downloads\tdsskiller.exe
2015-07-08 21:53 - 2015-07-08 21:53 - 02244096 _____ C:\Users\webst\Downloads\adwcleaner_4.207.exe
2015-07-08 00:17 - 2014-08-30 19:33 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150708-001733.backup
2015-07-07 23:15 - 2015-07-11 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-07 23:15 - 2015-07-07 23:15 - 00001437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-07 23:15 - 2015-07-07 23:15 - 00001425 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-07 23:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-07-07 23:14 - 2015-07-07 23:14 - 01198368 _____ C:\Users\webst\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-07-06 08:17 - 2015-07-06 08:17 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\52CF4773.sys
2015-07-05 17:20 - 2015-07-05 17:20 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\webst\Downloads\UseNeXTSetup_5.64 (1).exe
2015-07-05 17:20 - 2015-07-05 17:20 - 00001885 _____ C:\Users\webst\Desktop\UseNeXT by Tangysoft.lnk
2015-07-03 18:38 - 2015-07-03 18:38 - 00014767 _____ C:\Users\webst\Desktop\bruschatta.odt
2015-07-03 18:01 - 2015-07-03 18:01 - 00419080 _____ C:\WINDOWS\Minidump\070315-22656-01.dmp
2015-07-01 21:48 - 2015-07-03 18:01 - 517986007 _____ C:\WINDOWS\MEMORY.DMP
2015-07-01 21:48 - 2015-07-01 21:48 - 01057104 _____ C:\WINDOWS\Minidump\070115-28281-01.dmp
2015-07-01 19:34 - 2015-07-01 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-06-28 21:37 - 2015-06-28 21:37 - 00001146 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-28 21:36 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-28 21:36 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-28 21:36 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-27 20:14 - 2015-06-27 20:16 - 1549615104 _____ C:\Users\webst\Downloads\linuxmint-17.1-cinnamon-64bit.iso
2015-06-27 18:40 - 2015-06-27 18:40 - 00002093 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-06-27 18:40 - 2015-06-17 08:03 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-27 18:38 - 2015-06-27 18:38 - 00562272 _____ (Oracle Corporation) C:\Users\webst\Downloads\chromeinstall-8u45 (1).exe
2015-06-27 18:38 - 2015-06-27 18:34 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-27 18:32 - 2015-06-27 18:32 - 00562272 _____ (Oracle Corporation) C:\Users\webst\Downloads\chromeinstall-8u45.exe
2015-06-25 22:07 - 2015-06-17 11:10 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 17724600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 15224784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 12855416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-25 22:07 - 2015-06-17 11:10 - 03395648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00879000 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-25 22:07 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-25 21:34 - 2015-06-24 13:36 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-25 21:34 - 2015-06-24 13:36 - 01320120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-25 21:33 - 2015-06-25 21:33 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 21:33 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-25 21:33 - 2015-05-19 05:14 - 00061616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-25 21:33 - 2015-05-19 05:14 - 00057520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-20 17:21 - 2015-06-20 17:21 - 00012601 _____ C:\Users\webst\Desktop\nl.odt
2015-06-17 19:07 - 2015-06-17 19:07 - 02633128 _____ C:\Users\webst\Downloads\mediencenter_pc_sync.exe
2015-06-17 19:05 - 2015-06-17 19:05 - 00010480 _____ C:\Users\webst\Desktop\controller.odt
2015-06-14 21:10 - 2015-06-14 21:10 - 00002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-14 21:10 - 2015-06-14 21:10 - 00002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-14 21:10 - 2015-06-14 21:10 - 00002068 _____ C:\Users\Public\Desktop\Google Docs.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 15:11 - 2014-09-30 16:39 - 00400463 _____ C:\WINDOWS\setupact.log
2015-07-12 15:08 - 2014-03-01 14:43 - 00000000 __RDO C:\Users\webst\SkyDrive
2015-07-12 15:07 - 2015-05-20 18:02 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 15:00 - 2014-11-30 20:40 - 00000000 ____D C:\ProgramData\TwonkyServer
2015-07-12 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-12 14:45 - 2012-11-27 02:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3858550174-89373323-3384911765-1001
2015-07-12 14:39 - 2013-10-30 21:10 - 00000000 ____D C:\AdwCleaner
2015-07-12 14:39 - 2013-02-19 19:04 - 00000000 ____D C:\Users\webst\AppData\Roaming\IObit
2015-07-12 14:39 - 2012-09-12 16:51 - 00000000 ____D C:\ProgramData\IObit
2015-07-12 14:36 - 2014-09-30 16:37 - 01349831 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-12 14:26 - 2013-10-30 18:53 - 00000000 ___RD C:\Users\webst\Mediencenter
2015-07-12 14:26 - 2013-10-22 06:38 - 00000000 ____D C:\Users\webst\AppData\Local\Deployment
2015-07-12 14:25 - 2015-05-20 18:02 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 14:25 - 2015-02-21 17:16 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 14:24 - 2015-05-06 21:35 - 00000298 _____ C:\WINDOWS\Tasks\AbelssoftPreloader.job
2015-07-12 14:24 - 2013-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-12 14:24 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-12 14:22 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-12 14:18 - 2013-09-10 20:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-12 14:14 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-12 13:45 - 2013-10-23 13:47 - 00000000 ____D C:\Users\webst\AppData\Roaming\ClassicShell
2015-07-12 11:52 - 2014-12-08 23:35 - 00000000 ___RD C:\Users\webst\Google Drive
2015-07-11 18:02 - 2012-11-29 01:07 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{04AACD24-98CB-4621-B465-62473BB835A0}
2015-07-11 11:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-11 02:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-11 02:37 - 2015-05-21 19:50 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-11 02:37 - 2014-11-23 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-11 02:37 - 2014-04-14 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-07-11 02:37 - 2014-04-14 18:58 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2015-07-11 02:37 - 2014-03-03 16:15 - 00000000 ____D C:\Users\webst\AppData\Temp
2015-07-11 02:37 - 2013-10-30 19:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-11 02:37 - 2013-10-30 19:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-11 02:37 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-11 02:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-11 00:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-10 23:54 - 2013-10-20 02:57 - 00000000 ____D C:\Users\webst
2015-07-08 21:18 - 2013-09-10 20:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-08 20:36 - 2013-05-15 21:58 - 00002636 _____ C:\WINDOWS\Sandboxie.ini
2015-07-07 23:12 - 2014-11-23 13:45 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 23:12 - 2014-05-16 18:06 - 00000000 ____D C:\Users\webst\VMLites
2015-07-06 12:41 - 2013-09-30 06:12 - 02419734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-06 12:41 - 2012-08-02 12:49 - 01153556 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-06 12:41 - 2012-08-02 12:49 - 00273612 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-05 20:21 - 2014-04-14 18:58 - 00000000 ____D C:\Users\webst\AppData\Roaming\UseNeXT
2015-07-05 15:53 - 2012-08-07 16:14 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-07-03 18:01 - 2013-10-24 19:19 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-01 23:02 - 2015-04-25 19:19 - 00000000 ____D C:\Users\webst\AppData\Roaming\Usenet.nl
2015-07-01 23:02 - 2012-08-07 20:08 - 00000000 ____D C:\Users\webst\AppData\Roaming\vlc
2015-06-28 21:37 - 2015-02-21 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-28 21:37 - 2015-02-21 17:16 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-27 19:56 - 2014-05-08 21:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-27 19:54 - 2012-08-04 22:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-27 18:40 - 2013-12-08 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-27 18:40 - 2013-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-27 18:38 - 2015-01-25 14:46 - 00000000 ____D C:\Program Files\Java
2015-06-27 18:38 - 2014-09-06 20:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-27 18:32 - 2014-02-12 16:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-25 22:10 - 2015-05-27 19:04 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-25 22:08 - 2013-10-20 02:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-25 21:34 - 2013-12-08 02:43 - 00001435 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-24 13:36 - 2014-06-03 13:06 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-24 13:36 - 2014-06-03 13:06 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-17 08:48 - 2015-05-27 19:07 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-17 08:48 - 2013-10-20 02:51 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-14 21:10 - 2014-12-08 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-09-10 12:14 - 2014-02-19 16:04 - 1383399 _____ () C:\Users\webst\AppData\Roaming\Ansichten.pdf
2014-08-31 18:51 - 2014-08-31 18:51 - 0000000 _____ () C:\Users\webst\AppData\Roaming\gdfw.log
2014-08-31 18:50 - 2014-09-05 18:49 - 0001755 _____ () C:\Users\webst\AppData\Roaming\gdscan.log
2014-10-18 18:41 - 2014-10-18 18:42 - 0001916 _____ () C:\Users\webst\AppData\Roaming\MyMicroBalanceConfig.ini
2014-09-10 12:14 - 2014-02-19 13:34 - 0810221 _____ () C:\Users\webst\AppData\Roaming\Spende.pdf
2013-07-27 00:03 - 2014-03-18 16:35 - 0000081 _____ () C:\Users\webst\AppData\Roaming\WB.CFG
2012-12-03 12:34 - 2012-12-03 14:40 - 0000036 _____ () C:\Users\webst\AppData\Local\housecall.guid.cache
2012-09-23 21:38 - 2012-09-23 21:38 - 0000236 _____ () C:\Users\webst\AppData\Local\LaunchHomeCenter.log
2015-03-12 03:14 - 2015-03-12 03:14 - 0001558 _____ () C:\Users\webst\AppData\Local\recently-used.xbel
2012-11-27 03:53 - 2012-11-27 03:53 - 0000017 _____ () C:\Users\webst\AppData\Local\resmon.resmoncfg
2012-08-02 13:33 - 2012-08-02 13:33 - 0017408 _____ () C:\Users\webst\AppData\Local\WebpageIcons.db
2013-11-19 19:29 - 2013-11-19 19:29 - 0000011 _____ () C:\ProgramData\.tv7
2014-05-27 19:20 - 2014-05-27 19:20 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-02-12 16:45 - 2014-02-12 16:45 - 0000038 _____ () C:\ProgramData\InstallerWebUI.ini

Some files in TEMP:
====================
C:\Users\webst\AppData\Local\Temp\dllnt_dump.dll
C:\Users\webst\AppData\Local\Temp\Quarantine.exe
C:\Users\webst\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 14:46

==================== End of log ============================
         


13.07.2015, 07:05   #6
schrauber
/// the machine
/// TB trainer
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Removeproxy:
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

13.07.2015, 21:52   #7
snuggel123

Part 1 (after this the PC rebooted on its own)



Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by webst at 2015-07-13 17:53:05 Run:1
Running from C:\Users\webst\Desktop
Loaded Profiles: webst (Available Profiles: webst & Joerg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Removeproxy:
Emptytemp:
*****************


========= RemoveProxy: =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 578.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:53:44 ====

Hi, I wonder whether this is running smoothly?

A while after the scan, no internet connection again;
when trying to access Device Manager, a bluescreen :-(


So, continuing:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=28ec330d93f54b48a230bd8be977042d
# end=init
# utc_time=2015-07-13 04:13:51
# local_time=2015-07-13 06:13:51 (+0100, Mitteleuropäische Sommerzeit)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24776
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=28ec330d93f54b48a230bd8be977042d
# end=updated
# utc_time=2015-07-13 04:15:54
# local_time=2015-07-13 06:15:54 (+0100, Mitteleuropäische Sommerzeit)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=28ec330d93f54b48a230bd8be977042d
# engine=24776
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-13 04:58:47
# local_time=2015-07-13 06:58:47 (+0100, Mitteleuropäische Sommerzeit)
# country="United States"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2065 16777213 100 100 2700 140652036 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10265589 28246503 0 0
# scanned=116210
# found=9
# cleaned=0
# scan_time=2573
sh=3BF287EA0ABB98BB1E6DAFAF23AD461348BDD5DA ft=1 fh=dc599e14579776ce vn="Variante von MSIL/Rebrand.LittleRegClean.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Registry Dr\Helper.dll.vir"
sh=CD8BF29C36E26FC6464563D1BB4E729A5E69FC9E ft=1 fh=3776843039d7c0b1 vn="Variante von MSIL/Rebrand.LittleRegClean.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Registry Dr\RegistryDr.exe.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\webst\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\webst\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\webst\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\webst\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\webst\AppData\Roaming\1H1Q\Open Office Packages\uninstaller.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\webst\AppData\Roaming\zip opener packages\uninstaller.exe.vir"
sh=D044AD1BF2519902A814B3C02B562BB86332ACDA ft=1 fh=f2b76819120959bf vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe"
         
Security Check :

Code:
 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Antivirus   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 AntiBrowserSpy     
 Secunia PSI (3.0.0.7011)   
 TuneUp Utilities 2014   
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Java 8 Update 45  
 Java SE Development Kit 8 Update 40 
  Adobe Flash Player 	17.0.0.191 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Mozilla Thunderbird 24.6.0 Thunderbird out of Date!  
 Google Chrome (43.0.2357.130) 
 Google Chrome (43.0.2357.132) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
 Bitdefender Bitdefender 2015 Antispam32 bdwtxapps.exe 
 Bitdefender Bitdefender 2015 bdwtxcr.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Hi, and no internet again :-)
Rebooted and re-enabled the network adapter :-(


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by webst (administrator) on RECHTS-PC on 13-07-2015 19:34:41
Running from C:\Users\webst\Desktop
Loaded Profiles: webst (Available Profiles: webst & Joerg)
Platform: Windows 8.1 Pro (X64) OS Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\AAVUpdateManager\aavus.exe
(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\EASEUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Deutsche Telekom AG) C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-28] (Alcor Micro Corp.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-06] (Bitdefender)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [COMPUTERBILD-Abzockschutz] => C:\Program Files (x86)\COMPUTERBILD-Abzockschutz\bin\COMPUTERBILD-Abzockschutz.exe [537664 2014-04-15] (J3S GmbH)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [100864 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [8088488 2014-05-14] (SlySoft, Inc.)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleRadar] => C:\Program Files (x86)\GoogleClean\GoogleRadar.exe [1540096 2014-06-17] ()
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-25] (Bitdefender)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [70144 2014-02-25] (Steganos Software GmbH)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Run: [GoogleChromeAutoLaunch_1F44CB0EF79C5A00329816E6692A365E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {5585cfe9-9a0e-11e3-811a-002522baf411} - "K:\setup.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {9bf800cc-4643-11e3-807a-806e6f6e6963} - "F:\zdata\cobi.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {b3611562-311c-11e4-823d-002522baf411} - "D:\zdata\cobi.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2014-11-30]
ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
Startup: C:\Users\webst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2013-12-21] ()
Startup: C:\Users\webst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2013-10-30]
ShortcutTarget: Mediencenter.lnk -> C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\webst\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2013-10-01] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> D3DFC7F3C04E40DBA16BBBB3D4EE9F74 URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-20] (IvoSoft)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
BHO-x32: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKU\S-1-5-21-3858550174-89373323-3384911765-1001 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: 127.0.0.1	localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{A1B19695-79E8-4F6B-950F-271E91094527}: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF ProfilePath: C:\Users\webst\AppData\Roaming\Mozilla\Firefox\Profiles\uwdjitzd.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-08] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-22]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-01-21]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR Profile: C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Adblock Plus) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-13]
CHR Extension: (Google Search) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Bitdefender Wallet) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-23]
CHR Extension: (AdBlock) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Top Eleven) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-11-23]
CHR Extension: (No Name) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\lplgmijfnicgfhoccpjcbkidkkcaiapo [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
CHR Extension: (Gmail) - C:\Users\webst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]
CHR HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2281248 2014-10-07] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 MediaCenterControl; C:\Program Files (x86)\Media Center Control\MCC Service.exe [337408 2014-01-07] (Markus Gehlhaar) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-20] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10240 2014-10-29] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S4 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-06] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-25] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-25] (BitDefender)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-25] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-16] (BlueStack Systems)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-01-31] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-20] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2014-09-05] (G Data Software AG)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-06] (BitDefender LLC)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [43832 2012-10-03] (Logitech Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-20] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R1 SLEE_18_DRIVER; C:\WINDOWS\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-31] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]
U3 idsvc; No ImagePath
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 19:31 - 2015-07-13 19:30 - 00852662 _____ C:\Users\webst\Desktop\SecurityCheck.exe
2015-07-13 19:30 - 2015-07-13 19:30 - 00852662 _____ C:\Users\webst\Downloads\SecurityCheck.exe
2015-07-13 19:14 - 2015-07-13 19:15 - 00985824 _____ C:\WINDOWS\Minidump\071315-36796-01.dmp
2015-07-13 18:12 - 2015-07-13 18:12 - 02870984 _____ (ESET) C:\Users\webst\Downloads\esetsmartinstaller_deu.exe
2015-07-13 17:52 - 2015-07-13 17:52 - 02133504 _____ (Farbar) C:\Users\webst\Desktop\FRST64.exe
2015-07-13 17:22 - 2015-07-13 17:22 - 00002770 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-07-12 16:37 - 2015-07-12 16:37 - 00000000 _____ C:\autoexec.bat
2015-07-12 16:35 - 2015-07-12 16:35 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\webst\Downloads\SpyHunter-Installer.exe
2015-07-12 15:12 - 2015-07-13 17:52 - 00000000 ____D C:\Users\webst\Desktop\FRST-OlderVersion
2015-07-12 15:06 - 2015-07-12 15:06 - 00001227 _____ C:\Users\webst\Desktop\JRT.txt
2015-07-12 14:35 - 2015-07-12 14:36 - 03034102 _____ (Malwarebytes Corporation) C:\Users\webst\Downloads\JRT.exe
2015-07-12 14:16 - 2015-07-12 14:16 - 00001343 _____ C:\Users\webst\Desktop\mbam.txt
2015-07-12 13:40 - 2015-07-12 13:40 - 00001314 _____ C:\Users\webst\Desktop\Revo Uninstaller.lnk
2015-07-12 13:40 - 2015-07-12 13:40 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-12 13:39 - 2015-07-12 13:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\webst\Downloads\revosetup95.exe
2015-07-11 00:48 - 2015-07-11 00:48 - 00010947 _____ C:\Users\webst\Desktop\gmer.log
2015-07-11 00:19 - 2015-07-11 00:58 - 00058298 _____ C:\Users\webst\Desktop\eins.odt
2015-07-11 00:17 - 2015-07-11 00:17 - 00380416 _____ C:\Users\webst\Downloads\v1rl70gt.exe
2015-07-11 00:10 - 2015-07-11 00:11 - 00084059 _____ C:\Users\webst\Desktop\Addition.txt
2015-07-11 00:09 - 2015-07-13 19:34 - 00035802 _____ C:\Users\webst\Desktop\FRST.txt
2015-07-11 00:09 - 2015-07-13 19:34 - 00000000 ____D C:\FRST
2015-07-11 00:07 - 2015-07-11 00:07 - 02112512 _____ (Farbar) C:\Users\webst\Downloads\FRST64.exe
2015-07-10 23:54 - 2015-07-10 23:54 - 00000662 _____ C:\Users\webst\Desktop\defogger_disable.log
2015-07-10 23:54 - 2015-07-10 23:54 - 00000198 _____ C:\Users\webst\defogger_reenable
2015-07-10 23:53 - 2015-07-10 23:52 - 00050477 _____ C:\Users\webst\Desktop\Defogger.exe
2015-07-10 23:52 - 2015-07-10 23:52 - 00050477 _____ C:\Users\webst\Downloads\Defogger.exe
2015-07-09 22:07 - 2015-07-11 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-07-09 22:07 - 2015-07-11 02:37 - 00000000 ____D C:\Program Files\RogueKiller
2015-07-09 22:07 - 2015-07-09 22:07 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-09 22:07 - 2015-07-09 22:07 - 00000880 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-07-09 22:06 - 2015-07-09 22:07 - 22640336 _____ (Adlice Software ) C:\Users\webst\Downloads\setup.exe
2015-07-09 20:29 - 2015-07-09 20:29 - 02248704 _____ C:\Users\webst\Desktop\adwcleaner_4.208.exe
2015-07-09 19:46 - 2015-07-09 19:46 - 00000000 ____D C:\Users\webst\Downloads\backups
2015-07-09 19:43 - 2015-07-09 19:43 - 00016285 _____ C:\Users\webst\Downloads\hijackthis.log
2015-07-09 19:40 - 2015-07-09 19:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\webst\Downloads\hijackthis.exe
2015-07-08 23:33 - 2015-07-11 00:37 - 00000000 ____D C:\Users\webst\AppData\Local\CrashDumps
2015-07-08 23:30 - 2015-07-11 02:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-08 23:29 - 2015-07-08 23:29 - 21942344 _____ C:\Users\webst\Desktop\RogueKillerX64.exe
2015-07-08 22:16 - 2015-07-08 22:16 - 02953707 _____ (Malwarebytes Corporation) C:\Users\webst\Desktop\JRT.exe
2015-07-08 22:16 - 2015-07-08 22:16 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RECHTS-PC-Windows-8.1-Pro-(64-bit).dat
2015-07-08 22:16 - 2015-07-08 22:16 - 00000000 ____D C:\RegBackup
2015-07-08 22:11 - 2015-07-08 22:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\webst\Downloads\tdsskiller.exe
2015-07-08 21:53 - 2015-07-08 21:53 - 02244096 _____ C:\Users\webst\Downloads\adwcleaner_4.207.exe
2015-07-08 00:17 - 2014-08-30 19:33 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150708-001733.backup
2015-07-07 23:15 - 2015-07-11 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-07 23:15 - 2015-07-07 23:15 - 00001437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-07 23:15 - 2015-07-07 23:15 - 00001425 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-07 23:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-07-07 23:14 - 2015-07-07 23:14 - 01198368 _____ C:\Users\webst\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-07-06 08:17 - 2015-07-06 08:17 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\52CF4773.sys
2015-07-05 17:20 - 2015-07-05 17:20 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\webst\Downloads\UseNeXTSetup_5.64 (1).exe
2015-07-05 17:20 - 2015-07-05 17:20 - 00001885 _____ C:\Users\webst\Desktop\UseNeXT by Tangysoft.lnk
2015-07-03 18:38 - 2015-07-03 18:38 - 00014767 _____ C:\Users\webst\Desktop\bruschatta.odt
2015-07-03 18:01 - 2015-07-13 19:14 - 609142487 _____ C:\WINDOWS\MEMORY.DMP
2015-07-01 19:34 - 2015-07-01 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-06-28 21:37 - 2015-06-28 21:37 - 00001146 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-28 21:36 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-28 21:36 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-28 21:36 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-27 20:14 - 2015-06-27 20:16 - 1549615104 _____ C:\Users\webst\Downloads\linuxmint-17.1-cinnamon-64bit.iso
2015-06-27 18:40 - 2015-06-27 18:40 - 00002093 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-06-27 18:40 - 2015-06-17 08:03 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-27 18:38 - 2015-06-27 18:38 - 00562272 _____ (Oracle Corporation) C:\Users\webst\Downloads\chromeinstall-8u45 (1).exe
2015-06-27 18:38 - 2015-06-27 18:34 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-27 18:32 - 2015-06-27 18:32 - 00562272 _____ (Oracle Corporation) C:\Users\webst\Downloads\chromeinstall-8u45.exe
2015-06-25 22:07 - 2015-06-17 11:10 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 17724600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 15224784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 12855416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-25 22:07 - 2015-06-17 11:10 - 03395648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00879000 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-25 22:07 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-25 22:07 - 2015-06-17 11:10 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-25 21:34 - 2015-06-24 13:36 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-25 21:34 - 2015-06-24 13:36 - 01320120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-25 21:33 - 2015-06-25 21:33 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 21:33 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-25 21:33 - 2015-05-19 05:14 - 00061616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-25 21:33 - 2015-05-19 05:14 - 00057520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-20 17:21 - 2015-06-20 17:21 - 00012601 _____ C:\Users\webst\Desktop\nl.odt
2015-06-17 19:07 - 2015-06-17 19:07 - 02633128 _____ C:\Users\webst\Downloads\mediencenter_pc_sync.exe
2015-06-17 19:05 - 2015-06-17 19:05 - 00010480 _____ C:\Users\webst\Desktop\controller.odt
2015-06-14 21:10 - 2015-06-14 21:10 - 00002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-14 21:10 - 2015-06-14 21:10 - 00002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-14 21:10 - 2015-06-14 21:10 - 00002068 _____ C:\Users\Public\Desktop\Google Docs.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 19:27 - 2014-09-30 16:39 - 00404159 _____ C:\WINDOWS\setupact.log
2015-07-13 19:27 - 2013-10-23 13:47 - 00000000 ____D C:\Users\webst\AppData\Roaming\ClassicShell
2015-07-13 19:26 - 2014-09-30 16:37 - 01465332 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-13 19:23 - 2014-12-08 23:35 - 00000000 ___RD C:\Users\webst\Google Drive
2015-07-13 19:22 - 2014-11-30 20:40 - 00000000 ____D C:\ProgramData\TwonkyServer
2015-07-13 19:22 - 2012-11-29 01:07 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{04AACD24-98CB-4621-B465-62473BB835A0}
2015-07-13 19:21 - 2014-03-01 14:43 - 00000000 ___DO C:\Users\webst\SkyDrive
2015-07-13 19:21 - 2013-10-30 18:53 - 00000000 ___RD C:\Users\webst\Mediencenter
2015-07-13 19:18 - 2013-10-22 06:38 - 00000000 ____D C:\Users\webst\AppData\Local\Deployment
2015-07-13 19:18 - 2013-09-10 20:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-13 19:16 - 2015-05-20 18:02 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 19:16 - 2015-02-21 17:16 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 19:15 - 2015-05-06 21:35 - 00000298 _____ C:\WINDOWS\Tasks\AbelssoftPreloader.job
2015-07-13 19:15 - 2013-10-20 02:57 - 00000000 ____D C:\Users\webst
2015-07-13 19:15 - 2013-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-13 19:15 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-13 19:15 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-13 19:14 - 2013-10-24 19:19 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-13 19:07 - 2015-05-20 18:02 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 19:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-13 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-13 18:16 - 2013-09-30 06:12 - 02419734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-13 18:16 - 2012-08-02 12:49 - 01153556 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-13 18:16 - 2012-08-02 12:49 - 00273612 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-13 18:01 - 2014-09-30 16:35 - 00357138 _____ C:\WINDOWS\PFRO.log
2015-07-13 18:00 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-12 20:08 - 2012-11-27 02:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3858550174-89373323-3384911765-1001
2015-07-12 19:59 - 2014-04-14 18:58 - 00000000 ____D C:\Users\webst\AppData\Roaming\UseNeXT
2015-07-12 14:39 - 2013-10-30 21:10 - 00000000 ____D C:\AdwCleaner
2015-07-12 14:39 - 2013-02-19 19:04 - 00000000 ____D C:\Users\webst\AppData\Roaming\IObit
2015-07-12 14:39 - 2012-09-12 16:51 - 00000000 ____D C:\ProgramData\IObit
2015-07-11 11:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-11 02:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-11 02:37 - 2015-05-21 19:50 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-11 02:37 - 2014-11-23 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-11 02:37 - 2014-04-14 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-07-11 02:37 - 2014-04-14 18:58 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2015-07-11 02:37 - 2014-03-03 16:15 - 00000000 ____D C:\Users\webst\AppData\Temp
2015-07-11 02:37 - 2013-10-30 19:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-11 02:37 - 2013-10-30 19:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-11 02:37 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-07-11 02:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-08 21:18 - 2013-09-10 20:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-08 20:36 - 2013-05-15 21:58 - 00002636 _____ C:\WINDOWS\Sandboxie.ini
2015-07-07 23:12 - 2014-11-23 13:45 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 23:12 - 2014-05-16 18:06 - 00000000 ____D C:\Users\webst\VMLites
2015-07-05 15:53 - 2012-08-07 16:14 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-07-01 23:02 - 2015-04-25 19:19 - 00000000 ____D C:\Users\webst\AppData\Roaming\Usenet.nl
2015-07-01 23:02 - 2012-08-07 20:08 - 00000000 ____D C:\Users\webst\AppData\Roaming\vlc
2015-06-28 21:37 - 2015-02-21 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-28 21:37 - 2015-02-21 17:16 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-27 19:56 - 2014-05-08 21:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-27 19:54 - 2012-08-04 22:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-27 18:40 - 2013-12-08 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-27 18:40 - 2013-10-20 02:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-27 18:38 - 2015-01-25 14:46 - 00000000 ____D C:\Program Files\Java
2015-06-27 18:38 - 2014-09-06 20:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-27 18:32 - 2014-02-12 16:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-25 22:10 - 2015-05-27 19:04 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-25 22:08 - 2013-10-20 02:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-25 21:34 - 2013-12-08 02:43 - 00001435 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-24 13:36 - 2014-06-03 13:06 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-24 13:36 - 2014-06-03 13:06 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-17 08:48 - 2015-05-27 19:07 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-17 08:48 - 2013-10-20 02:51 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-17 08:48 - 2013-10-20 02:51 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-14 21:10 - 2014-12-08 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-09-10 12:14 - 2014-02-19 16:04 - 1383399 _____ () C:\Users\webst\AppData\Roaming\Ansichten.pdf
2014-08-31 18:51 - 2014-08-31 18:51 - 0000000 _____ () C:\Users\webst\AppData\Roaming\gdfw.log
2014-08-31 18:50 - 2014-09-05 18:49 - 0001755 _____ () C:\Users\webst\AppData\Roaming\gdscan.log
2014-10-18 18:41 - 2014-10-18 18:42 - 0001916 _____ () C:\Users\webst\AppData\Roaming\MyMicroBalanceConfig.ini
2014-09-10 12:14 - 2014-02-19 13:34 - 0810221 _____ () C:\Users\webst\AppData\Roaming\Spende.pdf
2013-07-27 00:03 - 2014-03-18 16:35 - 0000081 _____ () C:\Users\webst\AppData\Roaming\WB.CFG
2012-12-03 12:34 - 2012-12-03 14:40 - 0000036 _____ () C:\Users\webst\AppData\Local\housecall.guid.cache
2012-09-23 21:38 - 2012-09-23 21:38 - 0000236 _____ () C:\Users\webst\AppData\Local\LaunchHomeCenter.log
2015-03-12 03:14 - 2015-03-12 03:14 - 0001558 _____ () C:\Users\webst\AppData\Local\recently-used.xbel
2012-11-27 03:53 - 2012-11-27 03:53 - 0000017 _____ () C:\Users\webst\AppData\Local\resmon.resmoncfg
2012-08-02 13:33 - 2012-08-02 13:33 - 0017408 _____ () C:\Users\webst\AppData\Local\WebpageIcons.db
2013-11-19 19:29 - 2013-11-19 19:29 - 0000011 _____ () C:\ProgramData\.tv7
2014-05-27 19:20 - 2014-05-27 19:20 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-02-12 16:45 - 2014-02-12 16:45 - 0000038 _____ () C:\ProgramData\InstallerWebUI.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 19:03

==================== End of log ============================
         

Hey, at the moment everything is behaving extremely well, Malwarebytes no longer finds anything and even Windows Updates work again! (that is where it hung the most :-)

If that was it, my warmest thanks!

If not, I'll get back to you.

P.S.
But what exactly was the cause? What did it actually remove? Why didn't Bitdefender prevent it, etc.?

Alt 14.07.2015, 10:09   #8
schrauber
/// the machine
/// TB-Ausbilder
 




There was quite a bit of malware going on there. It's all gone now, though.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {5585cfe9-9a0e-11e3-811a-002522baf411} - "K:\setup.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {9bf800cc-4643-11e3-807a-806e6f6e6963} - "F:\zdata\cobi.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {b3611562-311c-11e4-823d-002522baf411} - "D:\zdata\cobi.exe" 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Run the Windows Repair Tool:
Repairing Windows - how it's done - Guides
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 14.07.2015, 12:51   #9
snuggel123
 



Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by webst at 2015-07-14 11:54:41 Run:2
Running from C:\Users\webst\Desktop
Loaded Profiles: webst (Available Profiles: webst & Joerg)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {5585cfe9-9a0e-11e3-811a-002522baf411} - "K:\setup.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {9bf800cc-4643-11e3-807a-806e6f6e6963} - "F:\zdata\cobi.exe" 
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {b3611562-311c-11e4-823d-002522baf411} - "D:\zdata\cobi.exe" 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************

HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
"HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5585cfe9-9a0e-11e3-811a-002522baf411}" => key removed successfully
HKCR\CLSID\{5585cfe9-9a0e-11e3-811a-002522baf411} => key not found. 
"HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf800cc-4643-11e3-807a-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{9bf800cc-4643-11e3-807a-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3611562-311c-11e4-823d-002522baf411}" => key removed successfully
HKCR\CLSID\{b3611562-311c-11e4-823d-002522baf411} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Policies\Google" => key removed successfully
EmptyTemp: => 292.9 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 11:55:04 ====
         
So, after the Windows Repair Tool, what do we do then?

Exactly, a backup :-)


And thanks again!!!!!
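
A way to double-check a Fixlog like the one posted above before calling the fix done, as an added example (not part of the thread and not FRST's own code): it pairs each fixlist entry with its result lines and flags anything that was not removed, moved or already absent. The sample log is built from lines in the post plus one invented failure line, and the matching rules are assumptions based only on the log layout visible here.

```python
import re

# Constructed sample: shortened Fixlog in the layout of the post above.
# The "access denied" result line is invented to exercise the review path.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by webst at 2015-07-14 11:54:41 Run:2
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\...\MountPoints2: {5585cfe9-9a0e-11e3-811a-002522baf411} - "K:\setup.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************

HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-3858550174-89373323-3384911765-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => access denied (constructed failure line)
"HKU\S-1-5-21-3858550174-89373323-3384911765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5585cfe9-9a0e-11e3-811a-002522baf411}" => key removed successfully
HKCR\CLSID\{5585cfe9-9a0e-11e3-811a-002522baf411} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
EmptyTemp: => 292.9 MB temporary data Removed.

The system needed a reboot..
"""


def split_fixlog(text):
    """Return (fixlist entries, result lines) from a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The echoed fixlist sits between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by asterisk lines")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = [ln for ln in lines[stars[1] + 1:] if "=>" in ln]
    return entries, results


def classify(result_line):
    """Map one 'target => outcome' line to (target, done | absent | review)."""
    target, _, outcome = result_line.rpartition("=>")
    outcome = outcome.strip().lower()
    if "successfully" in outcome or "temporary data removed" in outcome:
        return target, "done"
    if "not found" in outcome:
        return target, "absent"
    return target, "review"  # unknown wording: a human should look at it


def entry_token(entry):
    """Pick the part of a fixlist entry that reappears in its result lines."""
    value = re.search(r"\[([^\]]+)\]", entry)
    if value:  # registry value, printed in results as key\\ValueName
        return r"\\" + value.group(1)
    guid = re.search(r"\{[0-9a-fA-F-]{36}\}", entry)
    if guid:  # MountPoints2 entry, identified by its GUID
        return guid.group(0)
    head = entry.split(":", 1)[0]  # directive name or registry key path
    return head[4:] if head.startswith("CHR ") else head


def audit(text):
    """Return [(fixlist entry, status)], status in done/absent/review/no result."""
    entries, results = split_fixlog(text)
    classified = [classify(r) for r in results]
    report = []
    for entry in entries:
        token = entry_token(entry).lower()
        hits = {status for target, status in classified if token in target.lower()}
        if "review" in hits:
            status = "review"
        elif "done" in hits:
            status = "done"
        elif "absent" in hits:
            status = "absent"
        else:
            status = "no result"
        report.append((entry, status))
    return report


def unresolved(report):
    """Entries that still need attention after the fix run."""
    return [entry for entry, status in report if status in ("review", "no result")]


def needs_reboot(text):
    return "The system needed a reboot" in text


if __name__ == "__main__":
    for entry, status in audit(SAMPLE_FIXLOG):
        print(f"{status:9} {entry}")
    print("reboot pending:", needs_reboot(SAMPLE_FIXLOG))
```
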

Alt 15.07.2015, 08:40   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Are there still any problems?
__________________
regards,
schrauber


Alt 18.07.2015, 20:37   #11
snuggel123
 



Hi Schrauber,

everything is okay!

Which virus scanner can you recommend against malware?
(to prevent an infection)


I've been through several: Avirus, Kaspersky, Bitdefender and now F-Secure.


Plus Malwarebytes and a Sandboxie.


But you always end up with something again :-(


There is no real protection other than leaving the computer switched off, is there? :-)

Alt 19.07.2015, 14:12   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Let's put it this way: if you absolutely want malware, you'll get it.



Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This completely removes Combofix and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box next to every function.
  • Click Start.

Note: among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Vulnerabilities in their old versions are exploited to install malware via "drive-by" simply when a manipulated website is visited.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify, on a whitelist basis, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
regards,
schrauber

