Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "Ads by Discount Man" durch Trojan:Win32/Colisi.B?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.08.2015, 12:46   #1
Bouncer999
 
"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Hallo liebes Trojaner-Board Team,

vor rund 2 Monaten hat mein Chrome Browser angefangen Werbungen mit dem Hinweis "Ads by DiscountMan" einzublenden, der Name hat dann auch manchmal variiert. Es wurden auch u.a. immer wieder die "Reimage Repair Website" geöffnet. Ich habe dann natürlich im Internet recherchiert und mich durch unzählige Malwarescanner, Adwarescanner etc durchgeackert doch nichts hat gegen diese lästige Extension im Browser geholfen. Nun habe ich den Laptop folgerichtig kaum benutzt und schon garnicht für sensible Daten(Bankkonto usw). Doch als ich heute meinen Laptop gestartet habe, hat Microsoft Security Essentials etwas entdeckt: "Trojan:Win32/Colisi.B". Nach dem Entfernen dieser Datei war auch plötzlich die hartnäckige Extension im Chrome Browser verschwunden und es wurde keine Werbung mehr zugeschaltet. Ich habe aber dann noch sicherheitshalber Scans mit AdwCleaner, Malwarebytes Anti-Malware sowie mit dem ESET Online Scanner durchgeführt, wobei AdwCleaner und ESET wieder etwas gefunden haben. Dies hat mich stutzig gemacht und bin dann zum Glück auf euch hier gestoßen und hoffe auf euer Expertenwissen

Nun zu den Logfiles:

FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Daniel (administrator) on DANIEL-LAPTOP (16-08-2015 11:46:25)
Running from D:\Bibliotheken\Downloads
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(© 2015 Microsoft Corporation) C:\Users\Daniel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Advanced Micro Devices Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Motorola Solutions, Inc.) D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817320 2011-07-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [DeLay] => C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "D:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AceGain LiveUpdate] => D:\Program Files (x86)\AceGain\LiveUpdate\LiveUpdate.exe
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => D:\Program Files\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\Run: [Amazon Music] => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\Run: [BingSvc] => C:\Users\Daniel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2013-07-26]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-11-12]
ShortcutTarget: NI Error Reporting.lnk -> D:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-11-19]
ShortcutTarget: An OneNote senden.lnk -> D:\Programme\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-004752
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-004752
HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-004752
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-275163941-716568953-1963556569-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
SearchScopes: HKU\S-1-5-21-275163941-716568953-1963556569-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Programme\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Winsock: Catalog5 10 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)
Winsock: Catalog5-x64 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3DE3B051-154F-485F-AC96-0364F46F7A31}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll [2012-08-24] (AuthenTec, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-275163941-716568953-1963556569-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-04-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1206648 2014-12-04] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1710456 2015-01-13] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1165688 2014-10-28] (Motorola Solutions, Inc.)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S2 iBtSiva; D:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [131312 2015-03-20] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( )
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation)
R2 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
R2 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NiSvcLoc; D:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)
R2 NISystemWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [995568 2015-08-09] (Overwolf LTD)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35840 2012-06-28] () [File not signed]
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [14848 2012-02-24] (Intel Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
S3 BMCMEMUSB; C:\Windows\System32\Drivers\bmcmusb.sys [23760 2010-08-13] (BMC Messsysteme GmbH)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-17] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [22776 2011-12-22] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 11:41 - 2015-08-16 11:41 - 00084675 _____ C:\Users\Daniel\Desktop\Addition.txt
2015-08-16 11:40 - 2015-08-16 11:44 - 00031893 _____ C:\Users\Daniel\Desktop\FRST.txt
2015-08-16 11:39 - 2015-08-16 11:46 - 00000000 ____D C:\FRST
2015-08-16 11:38 - 2015-08-16 11:38 - 02173952 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2015-08-16 11:36 - 2015-08-16 11:36 - 00000544 _____ C:\Users\Daniel\Desktop\defogger_disable.log
2015-08-16 11:36 - 2015-08-16 11:36 - 00000168 _____ C:\Users\Daniel\defogger_reenable
2015-08-16 11:28 - 2015-08-16 11:28 - 00050477 _____ C:\Users\Daniel\Desktop\Defogger.exe
2015-08-16 07:50 - 2015-08-16 07:50 - 00000718 _____ C:\Users\Daniel\Desktop\eset.txt
2015-08-16 06:24 - 2015-08-16 06:24 - 00000149 _____ C:\Users\Daniel\Desktop\Microsoft Security Essentials findet wiederholt Trojan-Win32 und BrowserModifier-Win32.url
2015-08-16 05:26 - 2015-08-16 05:26 - 00000142 _____ C:\Users\Daniel\Desktop\Löschen von Dateien mithilfe der Datenträgerbereinigung - Windows-Hilfe.url
2015-08-16 04:59 - 2015-08-16 05:00 - 00003220 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
2015-08-16 04:56 - 2015-08-16 05:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVAST Software
2015-08-16 04:31 - 2015-08-16 04:37 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-08-16 04:31 - 2015-08-16 04:31 - 00000000 ____D C:\Users\Daniel\AppData\Local\SecTaskMan
2015-08-16 03:43 - 2015-08-16 03:43 - 00000880 _____ C:\AdwCleaner[S1].txt
2015-08-16 03:40 - 2015-08-16 03:40 - 00000814 _____ C:\AdwCleaner[S4].txt
2015-08-16 03:31 - 2015-08-16 03:31 - 00001682 _____ C:\AdwCleaner[C1].txt
2015-08-16 03:30 - 2015-08-16 03:30 - 00001406 _____ C:\AdwCleaner[S3].txt
2015-07-25 06:36 - 2015-07-25 06:36 - 00000325 _____ C:\Users\Daniel\Desktop\Malware entfernen- Versteckte Spy- und Adware finden - PC ..-.url
2015-07-25 06:36 - 2015-07-25 06:36 - 00000319 _____ C:\Users\Daniel\Desktop\Wie entfernt man Adware und Malware endgültig vom PC-.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 11:43 - 2009-07-14 06:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-16 11:43 - 2009-07-14 06:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-16 11:39 - 2013-07-25 21:46 - 00702220 _____ C:\Windows\system32\perfh007.dat
2015-08-16 11:39 - 2013-07-25 21:46 - 00151098 _____ C:\Windows\system32\perfc007.dat
2015-08-16 11:39 - 2009-07-14 07:13 - 01632994 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-16 11:38 - 2013-07-26 01:48 - 01479707 _____ C:\Windows\WindowsUpdate.log
2015-08-16 11:37 - 2015-05-06 19:31 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Raptr
2015-08-16 11:36 - 2013-07-26 01:48 - 00000000 ____D C:\Users\Daniel
2015-08-16 11:35 - 2013-09-09 19:38 - 00102188 _____ C:\Windows\setupact.log
2015-08-16 11:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-16 11:17 - 2013-09-12 17:57 - 00192856 _____ C:\Windows\PFRO.log
2015-08-16 06:09 - 2015-06-05 00:09 - 00000356 _____ C:\Windows\Tasks\SubprogSplitter.job
2015-08-16 03:19 - 2014-11-25 10:56 - 00000754 _____ C:\Users\Daniel\AppData\Local\GUNT PT500 dyn.ini
2015-08-16 02:59 - 2015-04-01 14:58 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-08-09 19:09 - 2015-06-21 14:37 - 00000024 _____ C:\Users\Daniel\AppData\Roaming\appdataFr25.bin
2015-07-19 19:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-18 23:47 - 2013-09-15 18:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2015-06-21 14:37 - 2015-08-09 19:09 - 0000024 _____ () C:\Users\Daniel\AppData\Roaming\appdataFr25.bin
2014-03-22 22:18 - 2014-03-22 22:18 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-25 10:56 - 2015-08-16 03:19 - 0000754 _____ () C:\Users\Daniel\AppData\Local\GUNT PT500 dyn.ini
2014-04-16 17:27 - 2014-04-16 20:06 - 0001494 _____ () C:\Users\Daniel\AppData\Local\RecConfig.xml
2015-04-01 04:41 - 2015-04-01 04:41 - 0002807 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel
2013-07-26 02:10 - 2013-07-26 02:10 - 0005377 _____ () C:\Users\Daniel\AppData\Local\WiDiSetupLog.20130726.021021.txt
2014-01-03 20:29 - 2014-01-03 23:13 - 0000041 ___SH () C:\ProgramData\.zreglib
2009-12-15 13:33 - 2009-12-15 13:33 - 0007778 _____ () C:\ProgramData\AW_Texte.bin
2014-10-15 08:21 - 2014-10-15 08:21 - 0000029 _____ () C:\ProgramData\GUNT GUNT WP300.ini dyn.ini
2008-06-23 14:47 - 2008-06-23 14:47 - 0001308 _____ () C:\ProgramData\GUNT WP300.ini
2008-11-13 11:35 - 2008-11-13 11:35 - 0001313 _____ () C:\ProgramData\GUNT WP310.ini
2013-07-25 22:09 - 2013-09-08 19:10 - 0000248 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2010-06-30 10:07 - 2010-06-30 10:07 - 0002111 _____ () C:\ProgramData\PT 500.04.ini
2014-03-13 19:36 - 2014-03-13 19:36 - 0443275 _____ () C:\ProgramData\Software_Terminologie.txt

Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\AcDeltree.exe
C:\Users\Daniel\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\Daniel\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Daniel\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Daniel\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Daniel\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Daniel\AppData\Local\Temp\HitmanPro.exe
C:\Users\Daniel\AppData\Local\Temp\install-drivers-4.4.455.exe
C:\Users\Daniel\AppData\Local\Temp\JavaRa.exe
C:\Users\Daniel\AppData\Local\Temp\jli.dll
C:\Users\Daniel\AppData\Local\Temp\jre-7u45-windows-i586.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Daniel\AppData\Local\Temp\keytool.exe
C:\Users\Daniel\AppData\Local\Temp\LabJackV117_driversonly.exe
C:\Users\Daniel\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Daniel\AppData\Local\Temp\mhfns1pt.dll
C:\Users\Daniel\AppData\Local\Temp\msvcr100.dll
C:\Users\Daniel\AppData\Local\Temp\node.exe
C:\Users\Daniel\AppData\Local\Temp\ntwdblib.dll
C:\Users\Daniel\AppData\Local\Temp\ose00001.exe
C:\Users\Daniel\AppData\Local\Temp\PidGenX.dll
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\raptrpatch.exe
C:\Users\Daniel\AppData\Local\Temp\raptr_stub.exe
C:\Users\Daniel\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-19 00:10

==================== End of log ============================
         
Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Daniel (2015-08-16 11:46:40)
Running from D:\Bibliotheken\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-275163941-716568953-1963556569-500 - Administrator - Disabled)
Daniel (S-1-5-21-275163941-716568953-1963556569-1000 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-275163941-716568953-1963556569-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
AuthenTec Fingerprint Driver (Version: 1.6.1.0342 - AuthenTec) Hidden
AuthenTec TrueSuite (HKLM\...\{9A4D399F-F790-4326-A9E4-64DF25E0EBE1}) (Version: 5.2.500.16 - AuthenTec, Inc.)
Autodesk Inventor Content Center Libraries 2014 (Desktop Content) (HKLM\...\{B46DECD1-1864-4EF1-0000-22D71E81877C}) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 - Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2014) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 Language Pack - Deutsch (German) (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Battlefield Vietnam(TM) (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
BFVCC Server Manager (HKLM-x32\...\BFVCC Server Manager1.00_A Beta) (Version:  - )
Bilder-CD Produktionsorganisation, 8. Aufl. - Einzellizenz (HKLM-x32\...\Bilder-CD Produktionsorganisation_is1) (Version:  - Verlag Europa-Lehrmittel)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version:  - BisonCam)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (HKLM\...\{530B8614-C5DE-475B-AF6F-71BED461552C}) (Version: 4.4.1.0 - Granta Design Limited)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.8.0.0 - Electronic Arts)
Finger Printer (HKLM-x32\...\InstallShield_{793C03D1-884D-4C11-A7F6-07F3FDF10066}) (Version: 2.00.0000 - )
Finger Printer (x32 Version: 2.00.0000 - ) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
G.U.N.T. PT500.04 (HKLM-x32\...\{20CAA3E9-2F37-4FEC-901B-66646223CD58}) (Version: 2.6.0 - G.U.N.T. Gerätebau GmbH)
G.U.N.T._WP3X0 (HKLM-x32\...\{C9F3B2E1-55D2-4198-93FC-E292D2147209}) (Version: 3.8.0 - G.U.N.T. Gerätebau GmbH)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HeidiSQL 8.1.0.4545 (HKLM-x32\...\HeidiSQL_is1) (Version: 8.1 - Ansgar Becker)
Hotkey 6.0082 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0082 - NoteBook)
Hotkey 6.0082 (x32 Version: 6.0082 - NoteBook) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{7C1CA9A1-4A23-4CC5-AC7E-D81D9E0C9493}) (Version: 3.1.105.0 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
LabJack (HKLM-x32\...\LabJack) (Version:  - )
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version:  - Lexmark International, Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Mathcad Prime 2.0 (HKLM\...\{CC0987FE-EC76-41E0-AD67-BCD9E4E27C4F}) (Version: 2.0.1 - PTC)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
National Instruments - Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI Authentication 13.5.0 (64-bit) (Version: 13.5.70 - National Instruments) Hidden
NI Authentication 13.5.0 (x32 Version: 13.5.70 - National Instruments) Hidden
NI Curl 13.5.0 (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI Curl 13.5.0 (x32 Version: 13.5.69 - National Instruments) Hidden
NI Error Reporting 2013 SP1 (x32 Version: 13.1.98 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.20.362 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.5.0 (x32 Version: 13.50.15 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.5.0 (Version: 13.50.15 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.428 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.5.264.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.5.1 (x32 Version: 8.5.306.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI Logos 5.5 (64-bit) (Version: 5.5.293 - National Instruments) Hidden
NI Logos 5.5 (x32 Version: 5.5.293 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.5.294 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.5.294 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.20.362 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 13.5 (x32 Version: 13.5.70 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI SSL Support (x32 Version: 13.5.69 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 13.1.97 - National Instruments) Hidden
NI System State Publisher (x32 Version: 13.1.97 - National Instruments) Hidden
NI System Web Server 13.5 (x32 Version: 13.5.69 - National Instruments) Hidden
NI System Web Server Base 13.5.0 (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI System Web Server Base 13.5.0 (x32 Version: 13.5.69 - National Instruments) Hidden
NI TDM Streaming 2.5 (64-bit) (Version: 2.5.46 - National Instruments) Hidden
NI TDM Streaming 2.5 (x32 Version: 2.5.46 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI Trace Engine (x32 Version: 13.5.69 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.20.362 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI Web Application Server 13.5 (64-bit) (Version: 13.5.70 - National Instruments) Hidden
NI Web Application Server 13.5 (x32 Version: 13.5.70 - National Instruments) Hidden
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.88.41.0 - Overwolf Ltd.)
PTC Quality Agent (HKLM-x32\...\{DE75B409-8D86-4574-944D-3B5E25D87B30}) (Version: 2.0.0.0 - PTC)
PunkBuster für Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27020 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.18.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TrackMania 2 - Canyon (HKLM-x32\...\{6DF1B3E4-3EF6-4BFD-8C60-ABBCD423B5A6}_is1) (Version: v1.0 - RAF)
Unity Web Player (HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
WebCam Installer (HKLM-x32\...\InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}) (Version: 4.04 - WebCam)
WebCam Installer (x32 Version: 4.04 - WebCam) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1029ABC3-2457-11D5-8E9D-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\iDrop.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{244298EC-E661-11d4-BC13-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxTest.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtCp.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\BodyReceiver.dll ()
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxApprenticeServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\AcInetUI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxInventorUtilities.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvResc.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvTXTStack.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points =========================

18-07-2015 23:58:05 Windows Update
24-07-2015 20:00:09 Windows Update
02-08-2015 04:12:53 Windows Update
09-08-2015 19:24:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2011-09-21 14:42 - 00000950 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 mp02.maniaplanet.com
127.0.0.1 mp01.maniaplanet.com
127.0.0.1 mp03.maniaplanet.com
127.0.0.1 game.maniaplanet.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B66E21E-62C9-41BF-BAB8-9A599EF41CBE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1687E894-4D95-4813-BDE6-1096B90ED626} - System32\Tasks\SubprogSplitter => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
Task: {1809969E-D28D-411E-95FC-07B52B8FE92E} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {19DAE073-5295-4527-BC58-DB0000F06AF9} - System32\Tasks\Amazon Music Helper => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-07-06] ()
Task: {1AD7D723-C923-464B-ACE6-1B170714A58F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-08-09] (Overwolf LTD)
Task: {3B057293-0A04-4F9E-B662-AA4A0E793860} - System32\Tasks\{D8A22D5C-A4C1-41D2-87D9-9A33166D1EF7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsProgressBar
Task: {4363DA6F-625A-4118-92D4-F01FFCDF6BE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A746AAAC-5DD0-494B-986B-C5E47AE7901D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {CCF7B3DC-F4A5-41D8-83A1-1195FBC7629D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {D04CB132-C336-467C-84BB-B80A2895DF4E} - System32\Tasks\{4867A6DC-FE48-4375-8DCD-4B7BB9A09120} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {D8B8770D-6003-43A2-A6C0-565DF7325A57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EE6599E3-FA88-45CF-8D90-CF5C7FC853EB} - System32\Tasks\CCleanerSkipUAC => D:\Programme\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SubprogSplitter.job => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-07-26 02:04 - 2012-03-15 06:48 - 00127320 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-06-28 16:44 - 2012-06-28 16:44 - 00035840 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2012-08-24 03:37 - 2012-08-24 03:37 - 01136488 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-08-24 03:38 - 2012-08-24 03:38 - 00087400 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2013-07-26 02:13 - 2010-11-12 12:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-12-27 15:57 - 2015-07-06 19:47 - 05886784 _____ () C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-11-19 10:37 - 2012-11-19 10:37 - 04747264 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-06 14:50 - 2009-06-06 14:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2013-06-07 10:59 - 2013-06-07 10:59 - 01958560 _____ () D:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-14 02:37 - 2014-08-14 02:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 02:37 - 2014-08-14 02:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-05-26 00:34 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 00:34 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2013-07-26 02:04 - 2012-03-06 09:27 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:C96E8EEDE02BF6BD

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-275163941-716568953-1963556569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B1B789CE-E8BB-40BD-A45F-5F9726F6021A}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe
FirewallRules: [{8E5B7BA2-26B4-436D-9224-304779CF399C}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe
FirewallRules: [{D3273947-66EA-49F0-9103-B98485A102FC}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{497EB0BE-DB81-448C-AB2C-CA6898C14457}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5EC304A-3D7E-4469-8947-3594ACA84A2B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5AF002FF-35E0-47EB-AF72-607B45EEC25C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDCDFCE2-2506-4E73-A80B-DFFA2BCE505B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{485CB457-4EDC-4CA6-9BDC-9C9C5AA766E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A71C8DA-427D-455A-A381-76AE53A7E8B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0A468F93-B583-44D5-9745-9D95BBF77A5D}] => (Allow) D:\Programme\Skype\Phone\Skype.exe
FirewallRules: [{F2431B55-DCA7-400E-A5B7-B813E49B57E4}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{D61A59F1-99E4-4F2B-8D1D-881C0ECB2269}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [TCP Query User{E53146AE-F5C2-4EE8-89B8-276E60CC9B5D}D:\programme\steam\steamapps\common\day of defeat source\hl2.exe] => (Block) D:\programme\steam\steamapps\common\day of defeat source\hl2.exe
FirewallRules: [UDP Query User{E0FE4015-36F1-4477-99BC-A0101565A115}D:\programme\steam\steamapps\common\day of defeat source\hl2.exe] => (Block) D:\programme\steam\steamapps\common\day of defeat source\hl2.exe
FirewallRules: [{D719AD8F-1E3D-4996-B556-DD99D2632728}] => (Allow) D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{10A3F75A-C3D4-481D-B399-C5C5D0BF11A4}] => (Allow) D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{A6455AC7-5470-45E9-9C6F-162C3CAF693B}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\programme\rockstar games\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{FAAFCCDD-28A9-4958-89B3-3AAFD5E4E3B5}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\programme\rockstar games\grand theft auto iv\gtaiv.exe
FirewallRules: [TCP Query User{DC823C36-C508-4DE2-ADED-C51C17381DC1}F:\xampp\apache\bin\httpd.exe] => (Allow) F:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{5FDDA66C-C8DD-4219-B9AA-880BE72E3246}F:\xampp\apache\bin\httpd.exe] => (Allow) F:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{3E38C86A-9D11-482C-90A7-770528CEA066}F:\xampp\mysql\bin\mysqld.exe] => (Allow) F:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{6D612BC3-60C9-41BF-BBBD-EF18C744C4E8}F:\xampp\mysql\bin\mysqld.exe] => (Allow) F:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{EE9E8031-784C-41A9-BFA6-0C434C26BDDF}D:\programme\tmnationsforever\tmforever.exe] => (Allow) D:\programme\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{107FDC06-BEAB-4DA3-8C77-5FE6EB8CC641}D:\programme\tmnationsforever\tmforever.exe] => (Allow) D:\programme\tmnationsforever\tmforever.exe
FirewallRules: [{E4607DEC-2A59-4896-B5E5-EBF5B630FB78}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2911FC0C-C5DC-4DC7-9013-1FADD34AA8C8}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8B9DD51C-23B6-4347-BE4B-05F74F3D8E3B}] => (Allow) D:\Programme\Microsoft Office\Office15\outlook.exe
FirewallRules: [TCP Query User{802B41C7-ED0B-4BBE-98BD-5731D0D0F95B}G:\xampp\apache\bin\httpd.exe] => (Allow) G:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F9E9B5EA-FB3D-4481-83C6-6F604E1B83BD}G:\xampp\apache\bin\httpd.exe] => (Allow) G:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{254DB4CB-E0BB-4E3F-A323-D664C426B960}G:\xampp\mysql\bin\mysqld.exe] => (Allow) G:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{38D8A519-7055-4D6E-9026-6546559ECD4C}G:\xampp\mysql\bin\mysqld.exe] => (Allow) G:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{9D2C9130-79B4-4E08-B0C4-D09227011A05}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{5105F25E-4E8A-4C24-91F0-DD9425005441}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{EC563B20-203B-4B4A-B5F4-6ADB66AB4C40}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{7D23FE7F-32FA-4361-A6A5-5EB4C0DA8250}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{ACD05752-E5C3-4C98-ACF8-D3B796740AC7}] => (Allow) D:\Programme\iTunes\iTunes.exe
FirewallRules: [{F2AD6067-EEB0-46DC-BBF8-7DF362699745}] => (Allow) C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{1BA14B21-9B97-4B70-BF62-5ACCA8ED664F}] => (Allow) C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{031C8371-70D9-4AF8-98F5-728022A9C2B8}] => (Allow) D:\Programme\Steam\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{42F3FCD5-3480-420F-92A6-CB2166D15FD9}] => (Allow) D:\Programme\Steam\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{AF729252-A2ED-4398-87B6-6CE1D43D5781}] => (Allow) D:\Programme\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C86BB734-F42F-475F-A36B-90AFD8DB52A5}] => (Allow) D:\Programme\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E66612D7-25F5-4126-B86C-EF906264B08D}] => (Allow) D:\Programme\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{8295E8F5-0CC9-40C0-B990-BD9166873292}] => (Allow) D:\Programme\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{8F97D5A2-E46B-4D90-8B07-E826FB6298F5}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
FirewallRules: [{9E2C4AEA-AACE-47A6-B2FD-7C914963C430}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
FirewallRules: [{B83D42A5-00BE-4BE7-9702-63F6FD46D5B4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8CF293F8-6562-4F7A-8FA2-8479158925FE}] => (Allow) LPort=2869
FirewallRules: [{2FC93AAC-AF4A-48AA-8A1F-86696C80BA96}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{A8285B8A-B4D8-4DD9-B920-E4F43CAF9ACE}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe
FirewallRules: [UDP Query User{BEC986C1-00F0-4B49-8A08-D31CABEAB6F9}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe
FirewallRules: [TCP Query User{2810FE31-F60F-4F3D-91E3-839DD3230F1A}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe
FirewallRules: [UDP Query User{68950810-F5C3-4212-9915-244E54E5DFDE}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe
FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [TCP Query User{FF9C14CB-63EB-43A2-9750-DEE866B4FE04}G:\microsoft toolkit.exe] => (Allow) G:\microsoft toolkit.exe
FirewallRules: [UDP Query User{0110405C-0201-4528-AC61-D578D8F92ACB}G:\microsoft toolkit.exe] => (Allow) G:\microsoft toolkit.exe
FirewallRules: [{42326DE0-E0D9-4B63-A78F-1A2C87E18555}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe
FirewallRules: [{EF528D6C-42E6-4A8C-8623-CAD0CC637A99}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe
FirewallRules: [{7F230829-4F19-4415-BD4F-887FF5B3DCA5}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{A8847C5B-98CE-4601-B56A-E03DB11C66E3}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{8137B10F-DAE6-4B17-9D30-7D544ACAF825}D:\program files (x86)\skype\phone\skype.exe] => (Allow) D:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C6B622B5-2323-422F-8865-AA5D962DCF8D}D:\program files (x86)\skype\phone\skype.exe] => (Allow) D:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4F321CDD-12AE-4228-95FB-A48DD8BD4F84}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{4841B3A1-AE58-4F4A-BE07-44B878006C88}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{26866624-4E49-4B98-BA99-1C8966CD9301}D:\program files (x86)\bfvcc server manager\bfvcc.exe] => (Block) D:\program files (x86)\bfvcc server manager\bfvcc.exe
FirewallRules: [UDP Query User{6B46B3C7-0FDD-4DFA-88BF-F256B75D2C37}D:\program files (x86)\bfvcc server manager\bfvcc.exe] => (Block) D:\program files (x86)\bfvcc server manager\bfvcc.exe
FirewallRules: [TCP Query User{F017A171-A948-4C0A-99DE-D4840AC7D00B}D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe] => (Allow) D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe
FirewallRules: [UDP Query User{9F1AFC27-5FBB-4D18-B598-1AACEE5EAC77}D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe] => (Allow) D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe
FirewallRules: [TCP Query User{7A157B85-2C30-44F2-B25D-E75C4722A092}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Block) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{27F35123-6339-4D0A-A59F-99FFDC3C25B1}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Block) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{6197E6C3-8978-4A8A-BC9B-19B54BC600FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9CF963D2-290A-4EDF-A907-564569673FC1}F:\microsoft toolkit.exe] => (Allow) F:\microsoft toolkit.exe
FirewallRules: [UDP Query User{E3D54590-39B2-41D5-991F-FC456E1351A6}F:\microsoft toolkit.exe] => (Allow) F:\microsoft toolkit.exe
FirewallRules: [{77AAC876-CD66-4F06-95BE-C500C4D376C3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{31E2B4B2-361E-4A0E-A87D-2573508821C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B98AC8CA-2D7B-4CA7-968A-523483A5CB4D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5166CE3F-24AE-4E6C-9B44-515727A6D82A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2015 07:03:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/16/2015 05:56:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/16/2015 03:42:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/16/2015 03:28:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3354

Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3354

Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/16/2015 11:37:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/16/2015 11:34:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/16/2015 11:34:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/16/2015 11:31:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/16/2015 11:20:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/16/2015 07:52:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/16/2015 06:00:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/16/2015 06:00:55 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/16/2015 06:00:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/16/2015 06:00:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (08/16/2015 07:03:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu (1).exe

Error: (08/16/2015 05:56:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu (1).exe

Error: (08/16/2015 03:42:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu.exe

Error: (08/16/2015 03:28:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu.exe

Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3354

Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3354

Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 19%
Total physical RAM: 16275.72 MB
Available physical RAM: 13175.14 MB
Total Virtual: 32549.65 MB
Available Virtual: 29264.93 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:109.47 GB) (Free:6.74 GB) NTFS
Drive d: (HDD) (Fixed) (Total:698.54 GB) (Free:572.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5A8B7A23)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5A8B7A3B)
Partition 1: (Not Active) - (Size=109.5 GB) - (Type=07 NTFS)

==================== End of log ============================
         
Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:36 on 16/08/2015 (Daniel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
Gmer:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-16 12:10:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000075 ATA_____ rev.500_ 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kwriikoc.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4b6764f3796                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4b6764f3796@64b3109a56f1         0x23 0xBF 0x85 0xA2 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4b6764f3796 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4b6764f3796@64b3109a56f1             0x23 0xBF 0x85 0xA2 ...

---- EOF - GMER 2.1 ----
         
Eset Online Scanner:
Code:
ATTFilter
C:\Program Files (x86)\Google\Chrome\Application\chrome.dll	Variante von Win32/ExtenBro.BK Trojaner
C:\Users\Daniel\AppData\Local\Temp\DMR\dmr_72.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\Bibliotheken\Downloads\Revo Uninstaller Portable - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
         
Ich habe noch weitere Logfiles von AdwCleaner, Microsoft Security Essentials sowie Malwarebytes Anti-Malware kann sie aber aufgrund Platzmangels nicht mehr anführen, wobei letzterer heute im Gegensatz zu vor 2 Monaten nichts gefunden hat, habe aber beide Logfiles falls sie benötigt werden.

Alt 16.08.2015, 12:56   #2
schrauber
/// the machine
/// TB-Ausbilder
 

"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 17.08.2015, 07:22   #3
Bouncer999
 
"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Hallo schrauber,

habe 2 Mal gescannt, beides Mal wurde er nicht fündig. Hier trotzdem die Logs

1. Scan:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.08.17.02
  rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Daniel :: DANIEL-LAPTOP [administrator]

17.08.2015 07:35:07
mbar-log-2015-08-17 (07-35-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 445431
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
2. Scan:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.08.17.02
  rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Daniel :: DANIEL-LAPTOP [administrator]

17.08.2015 07:48:30
mbar-log-2015-08-17 (07-48-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 445335
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

Alt 17.08.2015, 14:58   #4
schrauber
/// the machine
/// TB-Ausbilder
 

"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {1687E894-4D95-4813-BDE6-1096B90ED626} - System32\Tasks\SubprogSplitter => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}
Task: C:\Windows\Tasks\SubprogSplitter.job => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.08.2015, 19:16   #5
Bouncer999
 
"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Hier die Fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Daniel (2015-08-17 20:07:26) Run:1
Running from C:\Users\Daniel\Desktop\FRST
Loaded Profiles: Daniel (Available Profiles: Daniel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {1687E894-4D95-4813-BDE6-1096B90ED626} - System32\Tasks\SubprogSplitter => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}
Task: C:\Windows\Tasks\SubprogSplitter.job => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
Emptytemp:
         

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687E894-4D95-4813-BDE6-1096B90ED626}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687E894-4D95-4813-BDE6-1096B90ED626}" => key removed successfully
C:\Windows\System32\Tasks\SubprogSplitter => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SubprogSplitter" => key removed successfully
"c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}" => File/Folder not found.
C:\Windows\Tasks\SubprogSplitter.job => moved successfully.
EmptyTemp: => 6.2 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 20:08:25 ====
         


Alt 18.08.2015, 11:08   #6
schrauber
/// the machine
/// TB-Ausbilder
 

"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Chrome gemacht?
__________________
--> "Ads by Discount Man" durch Trojan:Win32/Colisi.B?

Alt 18.08.2015, 16:41   #7
Bouncer999
 
"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Ja, ich habe aber die 64-bit Version heruntergeladen und damit den Browser zurückgesetzt. Sollte ich dies mit der zuvor genutzten 32-bit Version machen oder ist das egal?

Alt 19.08.2015, 07:49   #8
schrauber
/// the machine
/// TB-Ausbilder
 

"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Das ist egal. Noch probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.08.2015, 09:17   #9
Bouncer999
 
"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Nein momentan fällt mir nichts auf, scheint gut zu laufen. Kann ich nun den Laptop wieder nutzen ohne große Sorgen tragen zu müssen? :-D

EDIT: Wenn ich mich auslogge und dann unregistriert im Forum surfe, wird diese Reimage-Repair Werbung eingeblendet. Zufall oder was Ernstes?


Geändert von Bouncer999 (21.08.2015 um 09:53 Uhr)

Alt 22.08.2015, 09:44   #10
schrauber
/// the machine
/// TB-Ausbilder
 

"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Normal für nicht angemeldete Nutzer. Hast Du einen Adblocker im Einsatz?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.08.2015, 16:56   #11
Bouncer999
 
"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Das Problem ist, dass immer dieselben 2-3 Werbungen eingeblendet werden und da die Reimage-Repair Werbung bekanntlich nicht seriös ist mach ich mir da schon Sorgen ob sich da nicht noch irgendwo was versteckt. Adblocker benutze ich keinen.

Alt 23.08.2015, 07:31   #12
schrauber
/// the machine
/// TB-Ausbilder
 

"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Dann installier mal ein Adblock Addon wie Adblock Edge und teste nochmal
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.08.2015, 08:29   #13
Bouncer999
 
"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Mit Adblock erscheint keine Werbung mehr. Kann ich nun davon ausgehen, dass dies ganz reguläre Werbung war? Oder ist es möglich, dass diese auch durch ein Schadprogramm manipuliert wird? Ansonsten wär meine letzte Frage ob ich mich nun wieder sicher fühlen kann

Alt 23.08.2015, 19:23   #14
schrauber
/// the machine
/// TB-Ausbilder
 

"Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Standard

"Ads by Discount Man" durch Trojan:Win32/Colisi.B?



Nee, diese Werbung ist normal, deswegen gibt es ja Adblocker


Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu "Ads by Discount Man" durch Trojan:Win32/Colisi.B?
bonjour, browser, cpu, defender, desktop, device driver, dnsapi.dll, entfernen, error, fehler, flash player, google, internet, mozilla, popup, realtek, registry, rundll, security, services.exe, software, svchost.exe, system, trojan, udp, usb, windows



Ähnliche Themen: "Ads by Discount Man" durch Trojan:Win32/Colisi.B?


  1. Eset findet "Win32/Bundled.Toolbar.Google.D" und "Win32/OpenCandy.C"
    Plagegeister aller Art und deren Bekämpfung - 22.09.2015 (10)
  2. "Ads by Discount Dragon" entfernen
    Anleitungen, FAQs & Links - 16.12.2013 (2)
  3. Windows7PC - Win32Adware-gen und Win32:Dropper-gen erst nach vollst. Scan durch AVAST gefunden - Kreditkarte "gehackt"
    Log-Analyse und Auswertung - 28.10.2013 (9)
  4. ZoneAlarm meldet Fund: "Trojan-Spy.Win32.Zbot.nesk"
    Log-Analyse und Auswertung - 18.07.2013 (11)
  5. "Licensevalidator.exe" u.A.: ESET meldet "Win32/Kryptik.ADPW trojan" sowie "Win32/Gataka.A trojan"
    Log-Analyse und Auswertung - 12.04.2012 (21)
  6. "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  7. Generelle Frage zu bestimmten Trojaner "Trojan.Win32.Agent"
    Log-Analyse und Auswertung - 06.12.2011 (9)
  8. viren "Trojan:Win32/Bumat!rts" und "Exploit Java/CVE-2010-0840.ew" auf Laptop
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (8)
  9. Malwarereinigung: "TR/Kazy.25747.40", "Trojan.Downloader..." und "Backdoor: Win32Cycbot.B"
    Log-Analyse und Auswertung - 09.06.2011 (1)
  10. Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender
    Plagegeister aller Art und deren Bekämpfung - 19.03.2011 (23)
  11. "trojan-dropper.win32.Agent.dglg" und "trojan.Win32.Autohit.wh"
    Log-Analyse und Auswertung - 03.02.2011 (10)
  12. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  13. Virusbefall durch " Backdoor:Win32/Cycbot.B ",kann ihn nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 11.12.2010 (1)
  14. AVG findet "Trojan horse Generic15.EAM", Antimalware "Trojan.Agent" + "Rootkit.Agent"
    Plagegeister aller Art und deren Bekämpfung - 03.11.2009 (13)
  15. "Trojan-Spy.Win32.Zbot.ikh" hat Rechner lahm gelegt! Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 23.07.2009 (1)
  16. Firefox öffnet neue Fenster. "trojan.win32.generic"
    Log-Analyse und Auswertung - 17.12.2008 (1)
  17. HILFE: "Win32:HLLW.Gavir:5" und "Trojan.Proxy.Ranky
    Log-Analyse und Auswertung - 12.01.2007 (4)

Zum Thema "Ads by Discount Man" durch Trojan:Win32/Colisi.B? - Hallo liebes Trojaner-Board Team, vor rund 2 Monaten hat mein Chrome Browser angefangen Werbungen mit dem Hinweis "Ads by DiscountMan" einzublenden, der Name hat dann auch manchmal variiert. Es wurden - "Ads by Discount Man" durch Trojan:Win32/Colisi.B?...
Archiv
Du betrachtest: "Ads by Discount Man" durch Trojan:Win32/Colisi.B? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.