Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Computer ist langsam, Installation von Antiviren/Spam-Software nicht möglich, Werbung auf Webseiten (https://www.trojaner-board.de/162088-windows-7-computer-langsam-installation-antiviren-spam-software-moeglich-werbung-webseiten.html)

niko laus 22.12.2014 20:46
Windows 7: Computer ist langsam, Installation von Antiviren/Spam-Software nicht möglich, Werbung auf Webseiten
 
Guten Abend,

Auf meinem PC hat sich heute Malware installiert. Es haben sich unter anderem die Programme 'YTDownloader' und 'Shopper Pro' installiert. Diese Programme lassen sich nicht entfernen.
Seit die Malware auf dem Computer ist, ist diese langsam - vor allem das Hochfahren dauert sehr lange, auf den Internetseiten sind vermehrt Werbebanner, es lassen sich keine Programme installieren.
Ich habe versucht Malwarebytes bzw ADW Cleaner herunterzuladen. Beim Versuch die Programme zu installieren kommen folgende Fehlermeldungen:
- the setup files are corrupted
- ....exe ist keine zulässige win32 anwendung

Ich habe einen Scan mit Spybot Search and Destroy durchgeführt. Leider bevor ich auf eurer Seite war, denn ich habe kein Logfile davon gespeichert. Spybot hat Malware gefunden und auch gelöscht. Dennoch bestehen die Probleme nach wie vor.

Der Avast - Viren Scanner hat Bedrohungen mit dem Namen: Win32 Malware Gen gefunden.




FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by niki (administrator) on NIKI-PC on 22-12-2014 19:31:05
Running from E:\
Loaded Profile: niki (Available profiles: niki)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
() C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-22] (AVAST Software)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe [3224576 2014-12-21] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456 2014-12-22] (YTDownloader)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [Drucker] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [niko laus] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [EPSON SX510W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-15] (Sony)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [EPSON SX510W Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [JULIA] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\niki\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe [3224576 2014-12-21] ()
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456 2014-12-22] (YTDownloader)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\RunOnce: [Adobe Speed Launcher] => 1419272656
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\MountPoints2: {557b6f1b-4752-11e4-88cd-f01faf413b22} - E:\Startme.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-05-23] (Citrix Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
ProxyEnable: [S-1-5-21-3543611772-1706178384-50430059-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3543611772-1706178384-50430059-1000] => http=127.0.0.1:22133
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-AT&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEB9455D2-AB5B-47BB-BF9B-73864E11D0B5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> {54C23A79-90E0-473C-B392-F0789B7170A7} URL =
BHO: Sense -> {11111111-1111-1111-1111-110611901159} -> C:\Program Files (x86)\Sense\Sense-bho64.dll (Object Browser)
BHO: Ge-Force -> {11111111-1111-1111-1111-110611911129} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll (iWebar)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Sense -> {11111111-1111-1111-1111-110611901159} -> C:\Program Files (x86)\Sense\Sense-bho.dll (Object Browser)
BHO-x32: Ge-Force -> {11111111-1111-1111-1111-110611911129} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho.dll (iWebar)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957
FF SelectedSearchEngine: mystartsearch
FF Homepage: www.orf.at
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\searchplugins\ask-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF Extension: Shopper-Pro - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-12-22]
FF Extension: Adblock Plus - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
CHR Extension: (Google Drive) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
CHR Extension: (Adblock Plus) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-08]
CHR Extension: (Google-Suche) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
CHR Extension: (Hola Better Internet Engine) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-10-08]
CHR Extension: (ZenMate) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-10-08]
CHR Extension: (Hola Besseres Internet) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-08]
CHR Extension: (Avast Online Security) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google Mail) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
CHR Extension: (BuyNsaave) - C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\ [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 addonwordRecovery; C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe [69120 2014-11-04] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-22] (Avast Software)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4077568 2014-12-19] () [File not signed] <==== ATTENTION
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-22] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-22] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 privacyrubyBckp.exe; C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe [165376 2014-11-04] () [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
S2 servervo; C:\Users\niki\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-09-17] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-28] (Sony Mobile Communications)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-12-22] (YTDownloader)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 SPDRIVER_1.38.0.1449; C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.sys [52584 2014-12-21] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-22] (Avast Software)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 19:28 - 2014-12-22 19:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-28-22.005-AvastVBoxSVC.exe-5540.log
2014-12-22 19:26 - 2014-12-22 19:31 - 00000000 ____D () C:\FRST
2014-12-22 19:16 - 2014-12-22 19:16 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-16-36.048-AvastVBoxSVC.exe-6504.log
2014-12-22 18:32 - 2014-12-22 18:33 - 159918552 _____ () C:\Users\niki\Downloads\EmsisoftEmergencyKit.exe
2014-12-22 18:28 - 2014-12-22 18:28 - 19843752 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028(1).exe
2014-12-22 18:03 - 2014-12-22 18:04 - 19889997 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 16:18 - 2014-12-22 16:19 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-18-59.012-aswFe.exe-7420.log
2014-12-22 16:07 - 2014-12-22 16:18 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-07-28.049-aswFe.exe-6208.log
2014-12-22 16:07 - 2014-12-22 16:07 - 00000197 _____ () C:\Windows\system32\2014-12-22-15-07-22.084-AvastVBoxSVC.exe-4212.log
2014-12-22 15:46 - 2014-12-22 15:46 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-46-02.063-aswFe.exe-1256.log
2014-12-22 15:45 - 2014-12-22 15:45 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-45-47.088-AvastVBoxSVC.exe-2912.log
2014-12-22 15:29 - 2014-12-22 19:29 - 00006178 _____ () C:\Windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6.job
2014-12-22 15:29 - 2014-12-22 19:29 - 00005828 _____ () C:\Windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-6.job
2014-12-22 15:29 - 2014-12-22 19:24 - 00002412 _____ () C:\Windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-2.job
2014-12-22 15:29 - 2014-12-22 19:24 - 00000950 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-22 15:29 - 2014-12-22 19:23 - 00002418 _____ () C:\Windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2.job
2014-12-22 15:29 - 2014-12-22 18:27 - 00000000 ____D () C:\Program Files (x86)\Sense
2014-12-22 15:29 - 2014-12-22 18:03 - 00000000 ____D () C:\Program Files (x86)\Ge-Force
2014-12-22 15:29 - 2014-12-22 15:35 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-22 15:29 - 2014-12-22 15:29 - 00009206 _____ () C:\Windows\System32\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6
2014-12-22 15:29 - 2014-12-22 15:29 - 00008856 _____ () C:\Windows\System32\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-6
2014-12-22 15:29 - 2014-12-22 15:29 - 00005448 _____ () C:\Windows\System32\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2
2014-12-22 15:29 - 2014-12-22 15:29 - 00005442 _____ () C:\Windows\System32\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-2
2014-12-22 15:29 - 2014-12-22 15:29 - 00003952 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-22 15:29 - 2014-12-22 15:29 - 00003718 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-12-22 15:29 - 2014-12-22 15:29 - 00003698 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-22 15:29 - 2014-12-22 15:29 - 00003578 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-12-22 15:29 - 2014-12-22 15:29 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-29-04.016-aswFe.exe-8556.log
2014-12-22 15:29 - 2014-12-22 15:29 - 00000000 ____D () C:\Users\niki\AppData\Local\globalUpdate
2014-12-22 15:29 - 2014-12-22 15:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-22 15:29 - 2014-12-22 15:29 - 00000000 ____D () C:\Program Files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5
2014-12-22 15:29 - 2014-12-22 15:29 - 00000000 ____D () C:\Program Files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e
2014-12-22 15:28 - 2014-12-22 15:29 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-22 15:28 - 2014-12-22 15:28 - 00004502 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-12-22 15:28 - 2014-12-22 15:28 - 00003564 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-12-22 15:28 - 2014-12-22 15:28 - 00003490 _____ () C:\Windows\System32\Tasks\SPDriver
2014-12-22 15:28 - 2014-12-22 15:28 - 00001951 _____ () C:\Users\niki\Desktop\YTDownloader.lnk
2014-12-22 15:28 - 2014-12-22 15:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-28-45.064-AvastVBoxSVC.exe-5512.log
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Users\niki\AppData\Local\CrashRpt
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-12-22 15:28 - 2014-12-22 15:28 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2014-12-22 15:27 - 2014-12-22 15:27 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-12-22 15:22 - 2014-12-22 15:39 - 00000000 ____D () C:\Users\niki\AppData\Local\privacyrubyBckp
2014-12-22 15:22 - 2014-12-22 15:22 - 00000000 ____D () C:\Windows\SysWOW64\addonwordRecovery
2014-12-22 15:13 - 2014-12-22 15:13 - 00000000 ____D () C:\Users\niki\AppData\Roaming\AVAST Software
2014-12-22 15:12 - 2014-12-22 19:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-22 15:12 - 2014-12-22 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-22 15:12 - 2014-12-22 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-22 15:12 - 2014-12-22 15:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-22 15:12 - 2014-12-22 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-22 15:11 - 2014-12-22 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-22 13:53 - 2014-12-22 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-22 13:50 - 2014-12-22 13:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-22 13:48 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-22 13:42 - 2014-12-22 13:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 __RHD () C:\MSOCache
2014-12-22 13:24 - 2014-12-22 13:24 - 00000000 ____D () C:\Users\niki\AppData\Local\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00002197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00002191 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\Program Files\WinZip
2014-12-22 13:02 - 2014-12-22 13:02 - 00000247 _____ () C:\Windows\system32\2014-12-22-12-02-23.023-aswFe.exe-4360.log
2014-12-22 12:52 - 2014-12-22 13:01 - 00000247 _____ () C:\Windows\system32\2014-12-22-11-52-54.069-aswFe.exe-4060.log
2014-12-22 12:52 - 2014-12-22 12:52 - 00000197 _____ () C:\Windows\system32\2014-12-22-11-52-44.044-AvastVBoxSVC.exe-4420.log
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-22 12:30 - 2014-12-22 15:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-22 11:45 - 2014-12-22 11:45 - 00000000 ____D () C:\Bak
2014-12-20 17:52 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141220-175253.backup
2014-12-20 17:41 - 2014-12-20 17:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 17:41 - 2014-12-20 17:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 17:41 - 2014-12-20 17:41 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-20 17:41 - 2014-12-20 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-20 17:41 - 2014-12-20 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-20 17:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-19 17:28 - 2014-12-20 17:42 - 00000000 ____D () C:\Users\niki\AppData\Roaming\SkypEmoticons
2014-12-19 17:27 - 2014-12-19 17:27 - 00000000 ____D () C:\Program Files (x86)\DeltaFix
2014-12-19 17:26 - 2014-12-19 17:27 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlooCkee
2014-12-19 17:26 - 2014-12-19 17:26 - 00000000 ____D () C:\ProgramData\2125225651885494038
2014-12-19 17:25 - 2014-12-19 17:25 - 00000000 ____D () C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii
2014-12-19 17:25 - 2014-12-19 17:25 - 00000000 ____D () C:\Program Files (x86)\BuyNsaave
2014-12-18 13:41 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:41 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:14 - 2014-12-17 08:14 - 00000000 ____D () C:\Users\niki\Documents\Bluetooth-Exchange-Ordner
2014-12-16 21:45 - 2014-12-22 18:52 - 00000000 ____D () C:\Users\niki\Documents\Outlook-Dateien
2014-12-14 22:06 - 2014-12-14 22:13 - 00000000 ____D () C:\Users\niki\AppData\Roaming\uTorrent
2014-12-10 22:56 - 2014-12-10 22:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 22:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 22:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 22:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 22:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 22:05 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 22:05 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 22:05 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 22:05 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 22:05 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 22:05 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 22:05 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 22:05 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 22:05 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 22:05 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 22:05 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 22:05 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 22:05 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 22:05 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 22:05 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 22:05 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 22:05 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 22:05 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 22:05 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 22:05 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 22:05 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 22:05 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 22:05 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 22:04 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 22:04 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:04 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 22:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 22:04 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 22:04 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 19:56 - 2014-12-09 19:56 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:27 - 2014-12-22 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 11:24 - 2014-12-04 13:32 - 00001064 _____ () C:\Users\niki\Desktop\Adobe Bridge CC (64bit).lnk
2014-12-03 23:17 - 2014-12-03 23:17 - 00000000 ____D () C:\ProgramData\APN
2014-12-03 18:27 - 2014-12-16 21:39 - 00000000 ____D () C:\Users\niki\Documents\Adobe
2014-12-03 10:58 - 2014-12-03 10:58 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-12-03 10:23 - 2014-12-03 10:23 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-niki-PC-niki
2014-12-03 10:23 - 2014-12-03 10:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\PDAppFlex
2014-12-01 23:33 - 2014-12-20 17:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-01 23:27 - 2014-12-20 17:57 - 00000000 ____D () C:\Program Files\Adobe
2014-12-01 23:22 - 2014-12-03 10:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-01 23:17 - 2014-12-01 23:17 - 00000000 ___RD () C:\Users\niki\Creative Cloud Files
2014-12-01 23:14 - 2014-12-01 23:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-01 23:14 - 2014-12-01 23:14 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-01 23:14 - 2014-12-01 23:14 - 00001299 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-11-27 19:43 - 2014-12-02 00:11 - 00000000 ____D () C:\Users\niki\AppData\Roaming\fotoCharlyBestellsoftware
2014-11-27 19:43 - 2014-11-27 19:45 - 00000000 ____D () C:\Program Files (x86)\fotoCharlyBestellsoftware
2014-11-27 19:43 - 2014-11-27 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotoCharly Bestellsoftware
2014-11-25 17:21 - 2014-11-25 17:21 - 00000000 ____D () C:\Users\niki\AppData\Roaming\IsolatedStorage
2014-11-25 17:21 - 2014-11-25 17:21 - 00000000 ____D () C:\Users\niki\AppData\Local\FileViewPro
2014-11-25 17:21 - 2014-11-25 17:21 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-25 17:17 - 2014-11-25 17:20 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Solvusoft
2014-11-25 17:17 - 2014-11-25 17:17 - 00000000 ____D () C:\Spacekace
2014-11-25 17:17 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 19:31 - 2010-11-21 07:50 - 00702890 _____ () C:\Windows\system32\perfh007.dat
2014-12-22 19:31 - 2010-11-21 07:50 - 00150498 _____ () C:\Windows\system32\perfc007.dat
2014-12-22 19:31 - 2009-07-14 06:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 19:29 - 2013-09-17 21:42 - 01548441 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 19:26 - 2014-11-03 19:18 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-12-22 19:23 - 2013-10-01 22:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 19:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 19:23 - 2009-07-14 05:51 - 00107346 _____ () C:\Windows\setupact.log
2014-12-22 17:56 - 2013-09-17 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 17:04 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 17:04 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 16:25 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki
2014-12-22 15:59 - 2010-11-21 04:47 - 00652580 _____ () C:\Windows\PFRO.log
2014-12-22 15:29 - 2014-04-27 11:35 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-12-22 15:28 - 2013-10-31 17:06 - 00000000 ____D () C:\Users\niki\AppData\Local\CrashDumps
2014-12-22 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-22 15:21 - 2013-11-05 21:21 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-22 15:05 - 2014-01-28 23:19 - 00000000 ___RD () C:\Users\niki\Dropbox
2014-12-22 15:05 - 2014-01-28 23:17 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Dropbox
2014-12-22 15:05 - 2009-07-14 05:45 - 00437584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 13:57 - 2013-09-30 13:55 - 00111936 _____ () C:\Users\niki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 13:55 - 2013-09-30 15:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 13:51 - 2010-11-21 08:00 - 00000000 ____D () C:\Windows\ShellNew
2014-12-22 13:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-22 13:44 - 2009-07-14 03:34 - 00000612 _____ () C:\Windows\win.ini
2014-12-22 13:32 - 2013-09-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-22 13:32 - 2013-09-17 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-22 12:52 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki\AppData\Local\VirtualStore
2014-12-22 11:57 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 11:06 - 2013-10-23 21:49 - 00000000 ____D () C:\Users\niki\AppData\Local\Adobe
2014-12-20 17:57 - 2013-10-23 21:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-16 21:46 - 2013-12-03 13:10 - 00000000 ____D () C:\Users\niki\Documents\Privat
2014-12-16 21:39 - 2013-10-02 17:03 - 00000000 ____D () C:\Users\niki\Documents\Diverses
2014-12-16 21:37 - 2013-10-13 15:35 - 00000000 ____D () C:\Users\niki\Documents\Medizin
2014-12-16 10:52 - 2013-10-01 22:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Skype
2014-12-16 10:51 - 2014-09-22 22:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:51 - 2013-10-01 22:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 21:03 - 2014-01-28 23:18 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 22:57 - 2013-10-13 19:33 - 00000000 ____D () C:\Users\niki\AppData\Roaming\vlc
2014-12-11 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:56 - 2014-05-06 17:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 22:54 - 2013-09-30 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:51 - 2013-09-30 14:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 21:55 - 2013-10-01 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 09:14 - 2013-10-23 21:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 19:56 - 2013-09-17 21:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 19:56 - 2013-09-17 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 19:56 - 2013-09-17 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 23:14 - 2014-11-03 13:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-03 23:14 - 2014-11-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-03 23:13 - 2014-11-03 13:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-03 23:13 - 2014-01-21 12:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-03 18:27 - 2013-09-30 13:55 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Adobe
2014-12-02 13:01 - 2014-11-15 13:23 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-12-02 13:01 - 2014-09-28 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-12-02 13:01 - 2013-09-17 14:38 - 00289014 _____ () C:\Windows\DPINST.LOG
2014-12-02 13:00 - 2013-09-17 21:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-01 23:27 - 2013-10-23 21:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-25 16:24 - 2013-10-23 16:42 - 00000000 ____D () C:\Users\niki\Documents\Juli SKJP
2014-11-24 16:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\niki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0crjqw.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 14:54

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by niki at 2014-12-22 19:31:40
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15502 - Invincea, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
Direkt Foto System 3.x (HKLM-x32\...\fotoCharly3_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.13.304 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IBM SPSS Statistics 22 (HKLM-x32\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
iDump (Freeware) Build:31 (HKLM-x32\...\{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1) (Version:  - Escsoft)
iDump (HKLM-x32\...\{BC1624B0-E919-48FB-BABD-9DEF45270080}) (Version: 2.0.70.0 - EscSoft)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mendeley Desktop 1.10.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro OZ776 SCR Driver (Version: 2.1.4.223GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (x32 Version: 2.1.4.223GS - O2Micro) Hidden
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PortStand (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version:  - PathProc) <==== ATTENTION
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Self-Service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - ) <==== ATTENTION
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.13.201409122125 - Sony Mobile Communications AB)
Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
YoutubeAdBlooCkee (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-12-2014 21:28:03 Windows Update
18-12-2014 14:44:08 Windows Update
19-12-2014 17:10:30 WinZip 19.0 wird installiert
20-12-2014 17:42:54 WinZip 19.0 wird entfernt
21-12-2014 22:21:28 Windows Update
22-12-2014 11:45:29 Installed Microsoft Fix it 50755
22-12-2014 11:53:24 Configured Microsoft Office Professional Plus 2010
22-12-2014 12:03:37 Configured Microsoft Office Professional Plus 2010
22-12-2014 12:30:59 avast! antivirus system restore point
22-12-2014 12:35:15 Installed 7-Zip 9.20 (x64 edition)
22-12-2014 13:03:07 avast! antivirus system restore point
22-12-2014 13:23:00 WinZip 19.0 wird installiert
22-12-2014 13:26:26 Removed Microsoft Office Professional Plus 2010
22-12-2014 13:42:02 Installed Microsoft Office Professional Plus 2013
22-12-2014 13:42:18 PROPLUSR
22-12-2014 15:11:05 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-20 17:52 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {098BA1F3-2383-42FD-A854-09C5F5A16FFD} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2014-12-22] (YTDownloader) <==== ATTENTION
Task: {109B33F4-1D57-4422-8C1B-56FB0F63EBAC} - System32\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-6 => C:\Program Files (x86)\Sense\bc348f0e-6339-41bb-b1fa-50b586255ea4-6.exe [2014-12-22] (Object Browser) <==== ATTENTION
Task: {1DA6CFD5-2229-4B8F-9EF7-4AC10535E76F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {218BB4C1-895A-4177-A1F2-4D68B914AEB5} - System32\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2 => C:\Program Files (x86)\Ge-Force\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2.exe [2014-12-22] (iWebar) <==== ATTENTION
Task: {3462AA27-6810-4930-8BC4-F792B4165633} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3CB5335F-69EA-4EE4-8FEB-D31A6941DE9D} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-22] (globalUpdate) <==== ATTENTION
Task: {3EB95379-5F8D-457F-B5DE-EE99462AB3C3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {4CBD0801-22C5-43A3-B945-DF588E759076} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2014-12-22] (Goobzo) <==== ATTENTION
Task: {5711BA4A-D2B7-42D5-B2DC-8E02DA547935} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {628F1F76-104F-436E-B3A5-FE85CF53A43B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {645DF484-9A02-408E-927F-6EC0FA8B4451} - \AutoKMS No Task File <==== ATTENTION
Task: {65311E70-CF1F-4888-8A4C-024258D8C7A4} - System32\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6 => C:\Program Files (x86)\Ge-Force\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6.exe [2014-12-22] (iWebar) <==== ATTENTION
Task: {65D055FD-5A97-433F-9CC3-5C1F1C563801} - System32\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-2 => C:\Program Files (x86)\Sense\bc348f0e-6339-41bb-b1fa-50b586255ea4-2.exe [2014-12-22] (Object Browser) <==== ATTENTION
Task: {74656568-B1E6-4A2F-B585-3DD9426229B9} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {776C6832-6ED4-4A91-BA5C-FFADCBE26BA7} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {7DFAB268-261F-4691-971E-532704E910AA} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2014-12-21] (Goobzo LTD) <==== ATTENTION
Task: {888C0386-3C26-4C09-9C94-F7CE9F4CFAA8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {961B9A16-853F-4AFD-B849-9E506A1C65A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {979920EE-841B-4809-B8FD-D5DECFD9352C} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe [2014-12-21] () <==== ATTENTION
Task: {9FB96C9F-A8B0-4D60-9874-7410D4AC9E5D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-22] (globalUpdate) <==== ATTENTION
Task: {AD6BEC6A-D9C4-406D-B9BE-96B3F04B3E6B} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {AF25970E-BBED-4152-98EB-B7DF646749DC} - System32\Tasks\{25A4A4B2-BB7F-426B-926C-C1EE53FA2B16} => pcalua.exe -a C:\Users\niki\Downloads\epson324758eu(1).exe -d C:\Users\niki\Downloads
Task: {B018D5E4-C4B5-4BB3-B47D-1F65C9735538} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B65A4068-2F34-4643-86AC-B00A7BA6C55B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6FED4E6-B2C7-4E61-968E-D265A7BA2813} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-22] (AVAST Software)
Task: {CFF96343-5698-47F4-AE02-BA322122C22B} - System32\Tasks\GoogleUpdateTaskMachineUA1cec849d0b200ed => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {D1A305AB-3E53-470E-B9D1-0F3613DF9A5E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D25A777F-AF0E-4FE4-8588-F8AD180C3290} - System32\Tasks\AdobeAAMUpdater-1.0-niki-PC-niki => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {D439C3C1-9A65-4F89-A035-6F2DB7C1EAC4} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2014-12-21] (Goobzo) <==== ATTENTION
Task: {FCE188AC-2FD7-4F94-9052-57E85E3C3279} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-2.job => C:\Program Files (x86)\Sense\bc348f0e-6339-41bb-b1fa-50b586255ea4-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-6.job => C:\Program Files (x86)\Sense\bc348f0e-6339-41bb-b1fa-50b586255ea4-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2.job => C:\Program Files (x86)\Ge-Force\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6.job => C:\Program Files (x86)\Ge-Force\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec849d0b200ed.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-03-11 16:05 - 2013-03-11 16:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2013-03-11 16:04 - 2013-03-11 16:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-05-11 15:47 - 2012-05-11 15:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_DEU.dll
2014-12-22 15:22 - 2014-11-04 12:21 - 00165376 _____ () C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe
2013-09-17 23:18 - 2012-03-27 04:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-28 22:41 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-12-22 15:11 - 2014-12-22 15:11 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-22 15:11 - 2014-12-22 15:11 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-22 15:22 - 2014-11-04 12:22 - 00069120 _____ () C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe
2014-12-22 15:28 - 2014-12-21 19:10 - 03224576 _____ () C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe
2014-12-22 19:16 - 2014-12-22 19:16 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122201\algo.dll
2014-12-22 15:12 - 2014-12-22 15:12 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-19 17:27 - 2014-12-19 17:27 - 04077568 _____ () c:\Program Files (x86)\DeltaFix\DeltaFix.dll
2014-09-28 22:41 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-09-28 22:41 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-09-28 22:41 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-09-28 22:41 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-09-15 15:20 - 2014-09-15 15:20 - 00645120 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-22 19:25 - 2014-12-22 19:25 - 00043008 _____ () c:\users\niki\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0crjqw.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-12-20 17:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-20 17:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-20 17:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-22 15:12 - 2014-12-22 15:12 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-12-20 17:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-20 17:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-17 21:51 - 2013-05-14 02:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-16 10:07 - 2014-10-16 10:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2013-09-17 21:54 - 2012-05-30 19:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3256
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3357

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3543611772-1706178384-50430059-500 - Administrator - Disabled)
Gast (S-1-5-21-3543611772-1706178384-50430059-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3543611772-1706178384-50430059-1002 - Limited - Enabled)
niki (S-1-5-21-3543611772-1706178384-50430059-1000 - Administrator - Enabled) => C:\Users\niki

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2014 07:25:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:25:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/22/2014 07:25:26 PM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: )
Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008

Error: (12/22/2014 07:15:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/22/2014 07:14:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:00:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/22/2014 06:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 06:53:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/22/2014 06:34:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDLogReport.exe, Version 2.4.40.107 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1fdc

Startzeit: 01d01e0d101b7e98

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe

Berichts-ID: 6797d643-8a00-11e4-9288-b00594f4dbc1

Error: (12/22/2014 05:57:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (12/22/2014 07:26:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "privacyrubyBckp.exe" wurde nicht richtig gestartet.

Error: (12/22/2014 07:24:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VO Service component" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/22/2014 07:24:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/22/2014 07:24:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (12/22/2014 07:23:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "WvPCR" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (12/22/2014 07:23:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SI TSS v1.2.1.41 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (12/22/2014 07:16:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "privacyrubyBckp.exe" wurde nicht richtig gestartet.

Error: (12/22/2014 07:14:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VO Service component" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/22/2014 07:14:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/22/2014 07:14:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


Microsoft Office Sessions:
=========================
Error: (12/22/2014 07:25:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:25:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (12/22/2014 07:25:26 PM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: )
Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008

Error: (12/22/2014 07:15:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (12/22/2014 07:14:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:00:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (12/22/2014 06:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 06:53:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Citrix\ICA Client\statuin.dllC:\Program Files (x86)\Citrix\ICA Client\statuin.dll0

Error: (12/22/2014 06:34:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDLogReport.exe2.4.40.1071fdc01d01e0d101b7e982C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe6797d643-8a00-11e4-9288-b00594f4dbc1

Error: (12/22/2014 05:57:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\niki\Downloads\EmsisoftEmergencyKit.exeC:\Users\niki\Downloads\EmsisoftEmergencyKit.exe0


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 56%
Total physical RAM: 3969.02 MB
Available physical RAM: 1718.95 MB
Total Pagefile: 7936.22 MB
Available Pagefile: 5308.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.47 GB) (Free:259.11 GB) NTFS
Drive e: (USB) (Fixed) (Total:0.93 GB) (Free:0.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D0EBF018)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: AB400694)
Partition 1: (Active) - (Size=956 MB) - (Type=0B)

==================== End Of Log ============================
--- --- ---


Ich danke euch für eure Hilfe,
MfG
niko laus

schrauber 22.12.2014 22:23
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    PortStand

    Shopper-Pro

    YoutubeAdBlooCkee

    YTDownloader


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

niko laus 23.12.2014 01:01
Vielen Dank für deine rasche Antwort!

Code:
ComboFix 14-12-14.01 - niki 23.12.2014  0:35.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.43.1031.18.3969.1561 [GMT 1:00]
ausgeführt von:: c:\users\niki\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adobe Download Assistant\4b9b4c05-2333-48cf-9565-f0e987194920.dll
c:\program files (x86)\Adobe Download Assistant\72609d6a-3d94-409f-b198-cdf70d214978.dll
c:\program files (x86)\Adobe Download Assistant\bcfe1426-2038-4631-81a6-6e318fe3ee7e.dll
c:\program files (x86)\Adobe Download Assistant\e91ebb45-cfb2-49e2-b57a-d08f383054c5.dll
c:\program files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e\65913bf0-36c8-4412-9a2d-0b49932d7712.dll
c:\program files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e\ee96f1ca-2d12-4851-a2bf-9ec06bc89e6a.dll
c:\program files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5\b34cdf20-0d52-4642-a3ad-4942c26b3743.dll
c:\program files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5\cc8d6785-cde7-4808-b3c6-0814600135d5.dll
c:\program files (x86)\Ge-Force\0cb00a01-6ce6-4d0f-8df3-fd9e325189f8.dll
c:\program files (x86)\Ge-Force\c8daf314-8eb3-4bf1-898d-d06fa177a4bb.dll
c:\programdata\2125225651885494038
c:\programdata\2125225651885494038\cd5b15e575e1c3d082e5a52118e7fdde.ini
c:\programdata\3872871776
c:\programdata\3872871776\BIT750F.tmp
c:\programdata\Roaming
c:\programdata\ShopperPro
c:\windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_globalUpdate
-------\Service_npf
-------\Legacy_SPDRIVER_1.38.0.1449
-------\Service_SPDRIVER_1.38.0.1449
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-11-22 bis 2014-12-22  ))))))))))))))))))))))))))))))
.
.
2014-12-22 22:42 . 2014-12-22 22:42        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-12-22 21:34 . 2014-12-22 21:34        --------        d-----w-        c:\program files\Microsoft.NET
2014-12-22 18:26 . 2014-12-22 18:32        --------        d-----w-        C:\FRST
2014-12-22 16:42 . 2014-12-15 03:13        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{08874A08-019F-47C1-93EC-E5EB7667555A}\mpengine.dll
2014-12-22 14:29 . 2014-12-22 23:43        --------        d-----w-        c:\program files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5
2014-12-22 14:29 . 2014-12-22 23:43        --------        d-----w-        c:\program files (x86)\Ge-Force
2014-12-22 14:29 . 2014-12-22 23:43        --------        d-----w-        c:\program files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e
2014-12-22 14:29 . 2014-12-22 17:27        --------        d-----w-        c:\program files (x86)\Sense
2014-12-22 14:29 . 2014-12-22 14:29        --------        d-----w-        c:\users\niki\AppData\Local\globalUpdate
2014-12-22 14:29 . 2014-12-22 14:29        --------        d-----w-        c:\program files (x86)\globalUpdate
2014-12-22 14:28 . 2014-12-22 14:28        --------        d-----w-        c:\users\niki\AppData\Local\CrashRpt
2014-12-22 14:22 . 2014-12-22 14:22        --------        d-----w-        c:\windows\SysWow64\addonwordRecovery
2014-12-22 14:22 . 2014-12-22 14:39        --------        d-----w-        c:\users\niki\AppData\Local\privacyrubyBckp
2014-12-22 14:13 . 2014-12-22 14:13        --------        d-----w-        c:\users\niki\AppData\Roaming\AVAST Software
2014-12-22 14:12 . 2014-12-22 14:12        267632        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-12-22 14:12 . 2014-12-22 14:12        116728        ----a-w-        c:\windows\system32\drivers\aswStm.sys
2014-12-22 14:12 . 2014-12-22 14:12        1050432        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-12-22 14:12 . 2014-12-22 14:12        83280        ----a-w-        c:\windows\system32\drivers\aswmonflt.sys
2014-12-22 14:12 . 2014-12-22 14:12        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-12-22 14:12 . 2014-12-22 14:12        436624        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2014-12-22 14:12 . 2014-12-22 14:12        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-12-22 14:12 . 2014-12-22 14:12        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-12-22 14:12 . 2014-12-22 14:12        364512        ----a-w-        c:\windows\system32\aswBoot.exe
2014-12-22 14:12 . 2014-12-22 14:12        43152        ----a-w-        c:\windows\avastSS.scr
2014-12-22 14:11 . 2014-12-22 14:11        --------        d-----w-        c:\program files\AVAST Software
2014-12-22 12:50 . 2014-12-22 12:50        --------        d-----w-        c:\program files\Common Files\DESIGNER
2014-12-22 12:48 . 2014-12-22 12:48        --------        d-----w-        c:\program files (x86)\Microsoft SQL Server
2014-12-22 12:47 . 2014-12-22 12:47        --------        d-----w-        c:\programdata\regid.1991-06.com.microsoft
2014-12-22 12:46 . 2014-12-22 12:48        --------        d-----w-        c:\program files\Microsoft SQL Server
2014-12-22 12:46 . 2014-12-22 12:46        --------        d-----w-        c:\windows\PCHEALTH
2014-12-22 12:43 . 2014-12-22 12:43        --------        d-----w-        c:\program files\Microsoft Analysis Services
2014-12-22 12:43 . 2014-12-22 12:43        --------        d-----w-        c:\program files (x86)\Microsoft Analysis Services
2014-12-22 12:42 . 2014-12-22 12:46        --------        d-----w-        c:\program files\Microsoft Office
2014-12-22 12:42 . 2014-12-22 12:42        --------        d-----r-        C:\MSOCache
2014-12-22 12:24 . 2014-12-22 12:24        --------        d-----w-        c:\users\niki\AppData\Local\WinZip
2014-12-22 12:23 . 2014-12-22 12:23        --------        d-----w-        c:\programdata\WinZip
2014-12-22 12:23 . 2014-12-22 12:23        --------        d-----w-        c:\program files\WinZip
2014-12-22 12:04 . 2014-12-22 12:04        --------        d-s---w-        c:\windows\SysWow64\Microsoft
2014-12-22 11:38 . 2014-12-22 11:38        --------        d-----w-        c:\windows\SysWow64\vbox
2014-12-22 11:38 . 2014-12-22 11:38        --------        d-----w-        c:\windows\system32\vbox
2014-12-22 11:36 . 2014-12-22 11:36        --------        d-----w-        c:\program files\7-Zip
2014-12-22 11:30 . 2014-12-22 14:11        --------        d-----w-        c:\programdata\AVAST Software
2014-12-22 10:55 . 2014-12-22 10:55        820072        ----a-w-        c:\program files\Common Files\System\SysMenu64.dll
2014-12-22 10:55 . 2014-12-22 10:55        649064        ----a-w-        c:\program files\Common Files\System\SysMenu.dll
2014-12-22 10:45 . 2014-12-22 10:45        --------        d-----w-        C:\Bak
2014-12-20 16:41 . 2014-12-22 23:33        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2014-12-20 16:41 . 2014-12-22 23:50        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2014-12-19 16:28 . 2014-12-20 16:42        --------        d-----w-        c:\users\niki\AppData\Roaming\SkypEmoticons
2014-12-19 16:25 . 2014-12-19 16:25        --------        d-----w-        c:\program files (x86)\BuyNsaave
2014-12-19 16:25 . 2014-12-19 16:25        --------        d-----w-        c:\programdata\lkffhhbainjiheccppdedpnljkkfcaii
2014-12-18 12:41 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-18 12:41 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-14 21:06 . 2014-12-14 21:13        --------        d-----w-        c:\users\niki\AppData\Roaming\uTorrent
2014-12-10 21:56 . 2014-12-10 21:56        --------        d-----w-        c:\windows\system32\appraiser
2014-12-10 21:49 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-12-10 21:49 . 2014-10-18 02:05        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-12-10 21:04 . 2014-10-30 02:03        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-12-09 18:56 . 2014-12-09 18:56        3981488        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-03 22:17 . 2014-12-03 22:17        --------        d-----w-        c:\programdata\APN
2014-12-03 22:15 . 2014-12-03 22:15        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-12-03 09:23 . 2014-12-03 09:23        --------        d-----w-        c:\users\niki\AppData\Roaming\PDAppFlex
2014-12-03 06:31 . 2014-12-03 06:31        227048        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-12-01 22:33 . 2014-12-20 16:55        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2014-12-01 22:27 . 2014-12-20 16:57        --------        d-----w-        c:\program files\Adobe
2014-12-01 22:22 . 2014-12-03 09:57        --------        d-----w-        c:\program files\Common Files\Adobe
2014-12-01 22:17 . 2014-12-01 22:17        --------        d-----r-        c:\users\niki\Creative Cloud Files
2014-12-01 22:14 . 2014-12-01 22:23        --------        d-----w-        c:\programdata\Package Cache
2014-11-27 18:43 . 2014-12-01 23:11        --------        d-----w-        c:\users\niki\AppData\Roaming\fotoCharlyBestellsoftware
2014-11-27 18:43 . 2014-11-27 18:45        --------        d-----w-        c:\program files (x86)\fotoCharlyBestellsoftware
2014-11-26 09:04 . 2014-11-26 09:04        3009208        ----a-w-        c:\program files\Common Files\Microsoft Shared\OFFICE15\1031\MSOINTL.DLL
2014-11-25 16:21 . 2014-11-25 16:21        --------        d-----w-        c:\users\niki\AppData\Local\FileViewPro
2014-11-25 16:21 . 2014-11-25 16:21        --------        d-----w-        c:\users\niki\AppData\Roaming\IsolatedStorage
2014-11-25 16:21 . 2014-11-25 16:21        --------        d-----w-        c:\programdata\IsolatedStorage
2014-11-25 16:17 . 2014-11-25 16:20        --------        d-----w-        c:\users\niki\AppData\Roaming\Solvusoft
2014-11-25 16:17 . 2012-10-15 16:02        19888        ----a-w-        c:\windows\system32\roboot64.exe
2014-11-25 16:17 . 2014-11-25 16:17        --------        d-----w-        C:\Spacekace
2014-11-25 14:23 . 2014-11-25 14:23        81234104        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-11-25 14:23 . 2014-11-25 14:23        26373816        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-11-25 14:20 . 2014-11-25 14:20        81234104        ----a-w-        c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-11-25 14:20 . 2014-11-25 14:20        654512        ----a-w-        c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-11-25 14:20 . 2014-11-25 14:20        36827832        ----a-w-        c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 21:51 . 2013-09-30 13:31        112710672        ----a-w-        c:\windows\system32\MRT.exe
2014-12-09 18:56 . 2013-09-17 20:42        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 18:56 . 2013-09-17 20:42        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-03 22:14 . 2014-11-03 12:12        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-24 13:04 . 2010-11-21 03:27        275080        ------w-        c:\windows\system32\MpSigStub.exe
2014-11-20 04:42 . 2014-11-20 04:42        37008        ----a-w-        c:\windows\system32\FM20DEU.DLL
2014-11-19 03:31 . 2014-11-19 03:31        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-18 19:47 . 2014-11-18 19:47        1691816        ----a-w-        c:\windows\system32\FM20.DLL
2014-11-11 03:08 . 2014-11-19 16:56        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 16:56        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 16:56        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 16:56        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-13 11:46        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 11:46        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-13 11:46        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-13 11:46        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-13 11:47        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-13 11:47        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-13 11:46        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-13 11:47        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-13 11:47        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-13 11:47        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-13 11:47        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-13 11:46        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-13 11:47        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-13 11:47        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-13 11:47        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-13 11:46        3198976        ----a-w-        c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-13 11:46        500224        ----a-w-        c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-13 11:46        284672        ----a-w-        c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-13 11:46        680960        ----a-w-        c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-13 11:46        440832        ----a-w-        c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-13 11:46        296448        ----a-w-        c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-13 11:46        442880        ----a-w-        c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-13 11:46        374784        ----a-w-        c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-13 11:46        195584        ----a-w-        c:\windows\SysWow64\AudioSes.dll
2014-09-28 21:43 . 2014-09-28 21:43        30424        ----a-w-        c:\windows\system32\drivers\ggsomc.sys
2014-09-28 21:43 . 2014-09-28 21:43        16088        ----a-w-        c:\windows\system32\drivers\ggflt.sys
2014-09-25 02:08 . 2014-10-01 21:32        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 21:32        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}]
2014-12-22 14:29        700384        ----a-w-        c:\program files (x86)\Sense\Sense-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611911129}]
2014-12-22 14:29        700384        ----a-w-        c:\program files (x86)\Ge-Force\Ge-Force-bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\niki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-10-15 468192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-31 132920]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-10-15 2694320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-22 5223016]
.
c:\users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-22 1380128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 sbmntr;sbmntr;c:\progra~2\YTDOWN~1\sbmntr.sys;c:\progra~2\YTDOWN~1\sbmntr.sys [x]
R2 servervo;VO Service component;c:\users\niki\AppData\Roaming\VOPackage\VOsrv.exe;c:\users\niki\AppData\Roaming\VOPackage\VOsrv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x]
R3 InvProtectSvc;Invincea Enterprise Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x]
R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 addonwordRecovery;addonwordRecovery;c:\windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe;c:\windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PbaDrvSvc_x64;Dell PBA x64 Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [x]
S2 privacyrubyBckp.exe;privacyrubyBckp.exe;c:\users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe;c:\users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 10:30        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17 18:56]
.
2014-12-22 c:\windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-2.job
- c:\program files (x86)\Sense\bc348f0e-6339-41bb-b1fa-50b586255ea4-2.exe [2014-12-22 14:29]
.
2014-12-22 c:\windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-6.job
- c:\program files (x86)\Sense\bc348f0e-6339-41bb-b1fa-50b586255ea4-6.exe [2014-12-22 14:29]
.
2014-12-22 c:\windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2.job
- c:\program files (x86)\Ge-Force\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2.exe [2014-12-22 14:29]
.
2014-12-22 c:\windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6.job
- c:\program files (x86)\Ge-Force\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6.exe [2014-12-22 14:29]
.
2014-12-22 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-22 14:29]
.
2014-12-22 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-22 14:29]
.
2014-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 21:18]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cec849d0b200ed.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 21:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110611901159}]
2014-12-22 14:29        883680        ----a-w-        c:\program files (x86)\Sense\Sense-bho64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110611911129}]
2014-12-22 14:29        883680        ----a-w-        c:\program files (x86)\Ge-Force\Ge-Force-bho64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-09-26 13:41        1021088        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-09-26 13:41        1021088        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-09-26 13:41        1021088        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-22 14:12        860984        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2013-03-05 19:32        136024        ----a-w-        c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2013-03-05 19:32        136024        ----a-w-        c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-02-05 1702912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-08-23 4805936]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2013-03-05 371024]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
mStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: browser.startup.homepage - www.orf.at
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - c:\programdata\ShopperPro\ShopperPro.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\niki\AppData\Local\Akamai\netsession_win.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\o2flash.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-23  00:59:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-22 23:59
.
Vor Suchlauf: 18 Verzeichnis(se), 249.893.244.928 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 249.397.944.320 Bytes frei
.
- - End Of File - - 3B2F00AC67450C2046DD71282684224D
MfG

schrauber 23.12.2014 20:50
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

niko laus 25.12.2014 22:12
Hey!

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.12.2014
Suchlauf-Zeit: 00:52:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.23.09
Rootkit Datenbank: v2014.12.23.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: niki

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353839
Verstrichene Zeit: 11 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 65
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901159}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644904459}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655905559}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666906659}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655905559}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666906659}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644904459}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.BHO.1, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611901159}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611901159}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.BHO, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.BHO, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.BHO.1, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611901159}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622902259}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.Sandbox.1, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.Sandbox, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.Sandbox, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\8ccd3a1057764b7ca4c3b0c2740d87960069059.Sandbox.1, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.Sense.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622902259}, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611911129}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644914429}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655915529}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666916629}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655915529}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666916629}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644914429}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.BHO.1, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611911129}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611911129}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.BHO, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.BHO, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.BHO.1, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611911129}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622912229}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.Sandbox.1, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.Sandbox, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.Sandbox, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\fd489e8cf7fd4ea1abbfd6139cb6d3390069129.Sandbox.1, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622912229}, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [76cf6afc6517989e389a325d62a14db3],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [52f3ca9cb9c3ef4726acbed1b64d3ac6],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ba8b491def8d6bcbf1b349741be9c43c],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force, In Quarantäne, [55f0e77f75073204ec0c25add430b34d],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, [7dc8a5c1e19b8ea84b7cf26c956eae52],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [a1a481e57efe0630a46595e0ea198e72],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [1b2ab5b173095adc933fddb230d30af6],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [4cf98dd9027adf570fc3672835ce04fc],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [de671f47ed8f0234e4c0e8d56f95b050],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [cd78bda95725fe3830c85084a4600ff1],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [61e4d98d2c50ca6c46b32ca8f70dde22],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\IE, In Quarantäne, [f64f4f17e795dd591694a5f354af8080],
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER, In Quarantäne, [ee57b5b1b1cbd4624f6e711f37cc3cc4],
PUP.Optional.VOPackage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVERVO, In Quarantäne, [b88d99cda2da71c5ab85a3b9f211c838],
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, In Quarantäne, [df66c3a39ddf6accad4d973b9b698d73],
PUP.Optional.GeForce.A, HKU\S-1-5-21-3543611772-1706178384-50430059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, In Quarantäne, [c67f75f17efe37ff6199f8da2cd8d42c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3543611772-1706178384-50430059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [d075e185532943f3e4ff82e6ba49a35d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3543611772-1706178384-50430059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [83c2e48284f8ea4c5d86d098ce35a060],
PUP.Optional.iWebar.A, HKU\S-1-5-21-3543611772-1706178384-50430059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iWebar, In Quarantäne, [380d66003646af877f5c51473cc7629e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3543611772-1706178384-50430059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Object Browser, In Quarantäne, [b78ef373205c2d092ef67e49e02430d0],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, In Quarantäne, [f550e77f38448fa76599c3bd3bca29d7],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, In Quarantäne, [f550e77f38448fa76599c3bd3bca29d7],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, In Quarantäne, [f550e77f38448fa76599c3bd3bca29d7],

Registrierungswerte: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [a1a481e57efe0630a46595e0ea198e72]
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER|BundledIe, 1, In Quarantäne, [ee57b5b1b1cbd4624f6e711f37cc3cc4]
PUP.Optional.VOPackage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVERVO|ImagePath, C:\Users\niki\AppData\Roaming\VOPackage\VOsrv.exe, In Quarantäne, [b88d99cda2da71c5ab85a3b9f211c838]

Registrierungsdaten: 8
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX),Ersetzt,[e263dd894b3146f045d60577669f4ab6]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[9ea74c1a225ad75f7ae87a004db8d729]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}),Ersetzt,[32135c0aaad264d24b3b1e5015f0758b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX),Ersetzt,[9ca984e25d1f69cdb1d491dd5fa66b95]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX),Ersetzt,[7bca2c3a91eb47ef35e69be137ceca36]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}),Ersetzt,[2c19e38380fc0e28226529450ff603fd]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[3213baacc0bc96a0d58da6d412f314ec]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3543611772-1706178384-50430059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX),Ersetzt,[90b53e2895e742f4ae6be09c07fef907]

Ordner: 9
PUP.Optional.VOPackage, C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, In Quarantäne, [f253d19554288fa7006c551fd330be42],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{C1E42259-CE68-4EC0-8515-7C1EB0D71EB3}, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force, In Quarantäne, [2b1a115589f3cd69b0babe8016edd62a],

Dateien: 41
PUP.Optional.Nova.A, C:\Program Files (x86)\Sense\a9a731a1-b1aa-43cd-b91b-9d6434828819.dll, In Quarantäne, [1e27dc8a552751e5716bac4fd22fa957],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\Sense-bho.dll, In Quarantäne, [ce77ca9cbfbde056763782e75ca5bc44],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force\Ge-Force-bho.dll, In Quarantäne, [55f0acba0d6f8aac796ae0d2b74a44bc],
PUP.Optional.SearchProtect.A, C:\Users\niki\AppData\Local\Temp\utt8875.tmp.exe, In Quarantäne, [65e0194d6616d85e56f1128ef20fd828],
PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, In Quarantäne, [dc69aeb8a3d9072f1fa6e27cce3542be],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperPro, In Quarantäne, [4ef7c79f641871c53b84f57b907322de],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperProJSUpd, In Quarantäne, [9fa61551502c092d526eea86bd467b85],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPDriver, In Quarantäne, [a89dabbb4c3039fdf5ccc9a7e3207090],
PUP.Optional.VOPackage, C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk, In Quarantäne, [f253d19554288fa7006c551fd330be42],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-2, In Quarantäne, [68dde58143397eb8b252bfb6d82b1ee2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-6, In Quarantäne, [281dfb6b97e53ef87a8a6c092fd422de],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2, In Quarantäne, [65e0f86e4a32f1458d77f58026dd9e62],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6, In Quarantäne, [93b251153d3f191d32d2da9be41f17e9],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\background.html, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\39ae332b-1d81-4f1d-aba0-49ed80c055ee.dll, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\bc348f0e-6339-41bb-b1fa-50b586255ea4.xpi, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\bgNova.html, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\Sense-buttonutil.dll, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\Sense-buttonutil64.dll, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\Sense.ico, In Quarantäne, [1d28e581502c1a1cd2d6a8f0758e7090],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-2.job, In Quarantäne, [024368fef5876ec8494bdff308fc9f61],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bc348f0e-6339-41bb-b1fa-50b586255ea4-6.job, In Quarantäne, [2520a7bf671556e0e6ae953d21e30df3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-2.job, In Quarantäne, [72d3382e700c1422454fba18a55fa957],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3-6.job, In Quarantäne, [360ff86e27557db9bfd526ac788c5ea2],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [ed5874f2abd1c175ffab15bd64a09f61],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [1c29392d85f74aeceebd70625da7ca36],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [58ed4d199be1b87e83297161699bd52b],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [8bbae086720abd791c9131a148bc8c74],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, In Quarantäne, [1530d096c4b81c1a517443fa4bb89e62],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force\cb5767e0-25a7-441c-9384-f5e5d9c0a9f3.xpi, In Quarantäne, [2b1a115589f3cd69b0babe8016edd62a],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force\background.html, In Quarantäne, [2b1a115589f3cd69b0babe8016edd62a],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force\bgNova.html, In Quarantäne, [2b1a115589f3cd69b0babe8016edd62a],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force\Ge-Force-buttonutil.dll, In Quarantäne, [2b1a115589f3cd69b0babe8016edd62a],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force\Ge-Force-buttonutil64.dll, In Quarantäne, [2b1a115589f3cd69b0babe8016edd62a],
PUP.Optional.GeForce.A, C:\Program Files (x86)\Ge-Force\Ge-Force.ico, In Quarantäne, [2b1a115589f3cd69b0babe8016edd62a],
PUP.Optional.Trovi.A, C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M6D5A8316-A292-439D-AE69-FC6F76933AE9&SearchSource=55&CUI=&UM=6&UP=SP6F7C34BB-0232-4423-82D0-DFBE3AAB5B94&SSPV=",), Ersetzt,[a79e184e087492a4e4478c2726df8a76]
PUP.Optional.CrossRider.A, C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14a7275dc459337b4164fb1bc6635cbd");), Ersetzt,[d372e18581fbf541314312a106ff39c7]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)


Code:
# AdwCleaner v4.106 - Bericht erstellt am 25/12/2014 um 11:29:38
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : xxx
# Gestartet von : C:\Users\niki\Downloads\Adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : sbmntr

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\niki\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\niki\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\niki\AppData\Roaming\SkypEmoticons
Ordner Gelöscht : C:\Users\niki\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\searchplugins\ask-search.xml

***** [ Tasks ] *****

Task Gelöscht : ShopperPro
Task Gelöscht : ShopperProJSUpd
Task Gelöscht : SMupdate1
Task Gelöscht : SPDriver
Task Gelöscht : YTDownloader

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\RST
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RST
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)

[oy1et1va.default-1412713448957\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[oy1et1va.default-1412713448957\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "14a7275dc459337b4164fb1bc6635cbd");
[oy1et1va.default-1412713448957\prefs.js] - Zeile gelöscht : user_pref("extensions.rRHf9AFTWQPEhA4R.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[oy1et1va.default-1412713448957\prefs.js] - Zeile gelöscht : user_pref("extensions.yPvUIAujhR8bjbib.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

-\\ Google Chrome v39.0.2171.95

[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX&q={searchTerms}
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX
[C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX

*************************

AdwCleaner[R0].txt - [4247 octets] - [07/10/2014 21:37:32]
AdwCleaner[R1].txt - [10409 octets] - [25/12/2014 11:28:12]
AdwCleaner[S0].txt - [4108 octets] - [07/10/2014 21:38:15]
AdwCleaner[S1].txt - [10209 octets] - [25/12/2014 11:29:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10270 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by niki on 25.12.2014 at 11:39:45,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\niki\AppData\Roaming\mozilla\firefox\profiles\oy1et1va.default-1412713448957\prefs.js

user_pref("extensions.rRHf9AFTWQPEhA4R.url", "hxxp://getsyncer5.info/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0nlnMCMlNhd9FqdwGrjUFqTs7rTCMBzqUojw9rjsFpjw7rTYFrih7hfs0pihPBMn0q
Emptied folder: C:\Users\niki\AppData\Roaming\mozilla\firefox\profiles\oy1et1va.default-1412713448957\minidumps [31 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.12.2014 at 11:46:13,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by niki (administrator) on NIKI-PC on 25-12-2014 11:58:11
Running from C:\Users\niki\Downloads
Loaded Profile: niki (Available profiles: niki)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
() C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Dropbox, Inc.) C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-15] (Sony)
AppInit_DLLs-x32: c:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-05-23] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3543611772-1706178384-50430059-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-AT&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEB9455D2-AB5B-47BB-BF9B-73864E11D0B5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> {54C23A79-90E0-473C-B392-F0789B7170A7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957
FF Homepage: www.orf.at
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
CHR Extension: (Google Drive) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
CHR Extension: (Adblock Plus) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-08]
CHR Extension: (Google-Suche) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
CHR Extension: (Hola Better Internet Engine) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-10-08]
CHR Extension: (ZenMate) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-10-08]
CHR Extension: (Avast Online Security) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google Mail) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
CHR Extension: (BuyNsaave) - C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\ [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 addonwordRecovery; C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe [69120 2014-11-04] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-22] (Avast Software)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 privacyrubyBckp.exe; C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe [165376 2014-11-04] () [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-09-17] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-28] (Sony Mobile Communications)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-22] (Avast Software)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 11:58 - 2014-12-25 11:58 - 00033586 _____ () C:\Users\niki\Downloads\FRST.txt
2014-12-25 11:57 - 2014-12-25 11:58 - 02122240 _____ (Farbar) C:\Users\niki\Downloads\FRST64.exe
2014-12-25 11:46 - 2014-12-25 11:46 - 00001141 _____ () C:\Users\niki\Desktop\JRT.txt
2014-12-25 11:39 - 2014-12-25 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-12-25 11:38 - 2014-12-25 11:38 - 00010383 _____ () C:\Users\niki\Desktop\AdwCleaner[S1].txt
2014-12-25 11:35 - 2014-12-25 11:35 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-35-34.031-AvastVBoxSVC.exe-6792.log
2014-12-25 11:26 - 2014-12-25 11:26 - 00022185 _____ () C:\Users\niki\Desktop\mbam.txt
2014-12-25 11:20 - 2014-12-25 11:21 - 01707646 _____ (Thisisu) C:\Users\niki\Downloads\JRT.exe
2014-12-25 11:19 - 2014-12-25 11:19 - 00000793 _____ () C:\Users\niki\Desktop\Adware Cleaner.lnk
2014-12-25 11:18 - 2014-12-25 11:19 - 02173952 _____ () C:\Users\niki\Downloads\AdwCleaner_4.106.exe
2014-12-25 11:12 - 2014-12-25 11:12 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 11:11 - 2014-12-25 11:11 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-11-25.044-AvastVBoxSVC.exe-6628.log
2014-12-24 01:12 - 2014-12-24 01:12 - 00000197 _____ () C:\Windows\system32\2014-12-24-00-12-00.009-AvastVBoxSVC.exe-4804.log
2014-12-24 00:52 - 2014-12-25 11:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 00:50 - 2014-12-24 00:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028(1).exe
2014-12-24 00:50 - 2014-12-24 00:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-24 00:45 - 2014-12-24 00:46 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-45-58.009-AvastVBoxSVC.exe-2284.log
2014-12-23 13:54 - 2014-12-23 13:54 - 00000197 _____ () C:\Windows\system32\2014-12-23-12-54-35.069-AvastVBoxSVC.exe-5060.log
2014-12-23 10:25 - 2014-12-23 10:26 - 00000197 _____ () C:\Windows\system32\2014-12-23-09-25-48.008-AvastVBoxSVC.exe-2544.log
2014-12-23 01:50 - 2014-12-23 01:50 - 00000197 _____ () C:\Windows\system32\2014-12-23-00-50-19.037-AvastVBoxSVC.exe-4204.log
2014-12-23 01:49 - 2014-12-23 01:49 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-12-23 01:29 - 2014-12-23 01:34 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-12-23 01:07 - 2014-12-23 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 01:05 - 2014-12-23 01:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-23 01:03 - 2014-12-23 01:03 - 02173952 _____ () C:\Users\niki\Downloads\Adwcleaner.exe
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\Users\niki\Desktop\combofix.txt
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\ComboFix.txt
2014-12-23 00:54 - 2014-12-23 00:55 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-54-55.009-AvastVBoxSVC.exe-3808.log
2014-12-23 00:34 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-23 00:34 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-23 00:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-23 00:26 - 2014-12-23 00:59 - 00000000 ____D () C:\Qoobox
2014-12-23 00:25 - 2014-12-23 00:56 - 00000000 ____D () C:\Windows\erdnt
2014-12-23 00:24 - 2014-12-23 00:24 - 05601641 ____R (Swearware) C:\Users\niki\Desktop\ComboFix.exe
2014-12-23 00:20 - 2014-12-23 00:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-20-56.000-AvastVBoxSVC.exe-5036.log
2014-12-22 23:42 - 2014-12-22 23:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\niki\Downloads\revosetup95.exe
2014-12-22 23:42 - 2014-12-22 23:42 - 00001266 _____ () C:\Users\niki\Desktop\Revo Uninstaller.lnk
2014-12-22 23:42 - 2014-12-22 23:42 - 00000197 _____ () C:\Windows\system32\2014-12-22-22-42-15.013-AvastVBoxSVC.exe-6580.log
2014-12-22 23:42 - 2014-12-22 23:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-22 21:45 - 2014-12-22 21:45 - 00002994 _____ () C:\Windows\System32\Tasks\{091C3AE4-4A64-4D2A-B31B-001F94FDC6A5}
2014-12-22 21:43 - 2014-12-22 21:43 - 00002994 _____ () C:\Windows\System32\Tasks\{388D4750-7C5F-4043-82A8-FE25657BA4E2}
2014-12-22 21:42 - 2014-12-22 21:42 - 00002994 _____ () C:\Windows\System32\Tasks\{06D9274E-2A91-479A-B77F-073D0CA62E8C}
2014-12-22 20:56 - 2014-12-22 20:56 - 05601641 _____ (Swearware) C:\Users\niki\Downloads\ComboFix.exe
2014-12-22 20:26 - 2014-12-22 20:26 - 00104857 _____ () C:\Users\niki\Desktop\gmer.txt
2014-12-22 20:16 - 2014-12-22 20:16 - 00380416 _____ () C:\Users\niki\Downloads\Gmer-19357.exe
2014-12-22 20:14 - 2014-12-22 20:14 - 00000470 _____ () C:\Users\niki\Downloads\defogger_disable.log
2014-12-22 20:14 - 2014-12-22 20:14 - 00000000 _____ () C:\Users\niki\defogger_reenable
2014-12-22 20:13 - 2014-12-22 20:13 - 00050477 _____ () C:\Users\niki\Downloads\Defogger.exe
2014-12-22 20:04 - 2014-12-22 20:04 - 00000197 _____ () C:\Windows\system32\2014-12-22-19-04-13.093-AvastVBoxSVC.exe-6652.log
2014-12-22 19:28 - 2014-12-22 19:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-28-22.005-AvastVBoxSVC.exe-5540.log
2014-12-22 19:26 - 2014-12-25 11:58 - 00000000 ____D () C:\FRST
2014-12-22 19:16 - 2014-12-22 19:16 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-16-36.048-AvastVBoxSVC.exe-6504.log
2014-12-22 16:18 - 2014-12-22 16:19 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-18-59.012-aswFe.exe-7420.log
2014-12-22 16:07 - 2014-12-22 16:18 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-07-28.049-aswFe.exe-6208.log
2014-12-22 16:07 - 2014-12-22 16:07 - 00000197 _____ () C:\Windows\system32\2014-12-22-15-07-22.084-AvastVBoxSVC.exe-4212.log
2014-12-22 15:46 - 2014-12-22 15:46 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-46-02.063-aswFe.exe-1256.log
2014-12-22 15:45 - 2014-12-22 15:45 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-45-47.088-AvastVBoxSVC.exe-2912.log
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e
2014-12-22 15:29 - 2014-12-22 15:29 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-29-04.016-aswFe.exe-8556.log
2014-12-22 15:28 - 2014-12-22 15:29 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-22 15:28 - 2014-12-22 15:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-28-45.064-AvastVBoxSVC.exe-5512.log
2014-12-22 15:22 - 2014-12-22 15:39 - 00000000 ____D () C:\Users\niki\AppData\Local\privacyrubyBckp
2014-12-22 15:22 - 2014-12-22 15:22 - 00000000 ____D () C:\Windows\SysWOW64\addonwordRecovery
2014-12-22 15:13 - 2014-12-22 15:13 - 00000000 ____D () C:\Users\niki\AppData\Roaming\AVAST Software
2014-12-22 15:12 - 2014-12-25 11:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-22 15:12 - 2014-12-22 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-22 15:12 - 2014-12-22 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-22 15:12 - 2014-12-22 15:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-22 15:12 - 2014-12-22 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-22 15:11 - 2014-12-22 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-22 13:53 - 2014-12-22 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-22 13:50 - 2014-12-22 13:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-22 13:48 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-22 13:42 - 2014-12-22 13:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 ___RD () C:\MSOCache
2014-12-22 13:24 - 2014-12-22 13:24 - 00000000 ____D () C:\Users\niki\AppData\Local\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00002197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00002191 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\Program Files\WinZip
2014-12-22 13:02 - 2014-12-22 13:02 - 00000247 _____ () C:\Windows\system32\2014-12-22-12-02-23.023-aswFe.exe-4360.log
2014-12-22 12:52 - 2014-12-22 13:01 - 00000247 _____ () C:\Windows\system32\2014-12-22-11-52-54.069-aswFe.exe-4060.log
2014-12-22 12:52 - 2014-12-22 12:52 - 00000197 _____ () C:\Windows\system32\2014-12-22-11-52-44.044-AvastVBoxSVC.exe-4420.log
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-22 12:30 - 2014-12-22 15:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-22 11:45 - 2014-12-22 11:45 - 00000000 ____D () C:\Bak
2014-12-20 17:52 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141220-175253.backup
2014-12-20 17:41 - 2014-12-23 00:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 17:41 - 2014-12-23 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 17:41 - 2014-12-20 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-19 17:25 - 2014-12-19 17:25 - 00000000 ____D () C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii
2014-12-19 17:25 - 2014-12-19 17:25 - 00000000 ____D () C:\Program Files (x86)\BuyNsaave
2014-12-18 13:41 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:41 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:14 - 2014-12-17 08:14 - 00000000 ____D () C:\Users\niki\Documents\Bluetooth-Exchange-Ordner
2014-12-16 21:45 - 2014-12-23 14:20 - 00000000 ____D () C:\Users\niki\Documents\Outlook-Dateien
2014-12-14 22:06 - 2014-12-23 01:31 - 00000000 ____D () C:\Users\niki\AppData
2014-12-10 22:56 - 2014-12-10 22:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 22:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 22:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 22:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 22:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 22:05 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 22:05 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 22:05 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 22:05 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 22:05 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 22:05 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 22:05 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 22:05 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 22:05 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 22:05 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 22:05 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 22:05 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 22:05 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 22:05 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 22:05 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 22:05 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 22:05 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 22:05 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 22:05 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 22:05 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 22:05 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 22:05 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 22:05 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 22:04 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 22:04 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:04 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 22:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 22:04 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 22:04 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 19:56 - 2014-12-09 19:56 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:27 - 2014-12-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 11:24 - 2014-12-04 13:32 - 00001064 _____ () C:\Users\niki\Desktop\Adobe Bridge CC (64bit).lnk
2014-12-03 18:27 - 2014-12-16 21:39 - 00000000 ____D () C:\Users\niki\Documents\Adobe
2014-12-03 10:58 - 2014-12-03 10:58 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-12-03 10:23 - 2014-12-03 10:23 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-niki-PC-niki
2014-12-03 10:23 - 2014-12-03 10:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\PDAppFlex
2014-12-01 23:33 - 2014-12-20 17:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-01 23:27 - 2014-12-20 17:57 - 00000000 ____D () C:\Program Files\Adobe
2014-12-01 23:22 - 2014-12-03 10:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-01 23:17 - 2014-12-01 23:17 - 00000000 ___RD () C:\Users\niki\Creative Cloud Files
2014-12-01 23:14 - 2014-12-01 23:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-01 23:14 - 2014-12-01 23:14 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-01 23:14 - 2014-12-01 23:14 - 00001299 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-11-27 19:43 - 2014-12-02 00:11 - 00000000 ____D () C:\Users\niki\AppData\Roaming\fotoCharlyBestellsoftware
2014-11-27 19:43 - 2014-11-27 19:45 - 00000000 ____D () C:\Program Files (x86)\fotoCharlyBestellsoftware
2014-11-27 19:43 - 2014-11-27 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotoCharly Bestellsoftware
2014-11-25 17:21 - 2014-11-25 17:21 - 00000000 ____D () C:\Users\niki\AppData\Roaming\IsolatedStorage
2014-11-25 17:21 - 2014-11-25 17:21 - 00000000 ____D () C:\Users\niki\AppData\Local\FileViewPro
2014-11-25 17:21 - 2014-11-25 17:21 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-25 17:17 - 2014-11-25 17:17 - 00000000 ____D () C:\Spacekace

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 11:56 - 2013-09-17 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-25 11:52 - 2014-11-03 19:18 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-12-25 11:41 - 2013-10-23 21:49 - 00000000 ____D () C:\Users\niki\AppData\Local\Adobe
2014-12-25 11:40 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 11:40 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 11:37 - 2013-09-17 21:42 - 01141842 _____ () C:\Windows\WindowsUpdate.log
2014-12-25 11:33 - 2014-01-28 23:19 - 00000000 ___RD () C:\Users\niki\Dropbox
2014-12-25 11:32 - 2014-01-28 23:17 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Dropbox
2014-12-25 11:31 - 2013-10-01 22:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 11:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 11:31 - 2009-07-14 05:51 - 00107962 _____ () C:\Windows\setupact.log
2014-12-25 11:30 - 2010-11-21 04:47 - 00680266 _____ () C:\Windows\PFRO.log
2014-12-25 11:29 - 2014-10-07 21:37 - 00000000 ____D () C:\AdwCleaner
2014-12-24 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2014-12-23 00:59 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-23 00:58 - 2010-11-21 07:50 - 00702890 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 00:58 - 2010-11-21 07:50 - 00150498 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 00:58 - 2009-07-14 06:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 00:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-23 00:43 - 2014-04-27 11:35 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-12-22 23:38 - 2013-09-30 13:55 - 00111936 _____ () C:\Users\niki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 23:37 - 2009-07-14 05:45 - 00437640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 22:38 - 2013-09-30 15:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 22:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-22 22:37 - 2009-07-14 03:34 - 00000612 _____ () C:\Windows\win.ini
2014-12-22 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-22 20:14 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki
2014-12-22 15:28 - 2013-10-31 17:06 - 00000000 ____D () C:\Users\niki\AppData\Local\CrashDumps
2014-12-22 15:21 - 2013-11-05 21:21 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-22 13:51 - 2010-11-21 08:00 - 00000000 ____D () C:\Windows\ShellNew
2014-12-22 13:32 - 2013-09-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-22 13:32 - 2013-09-17 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-22 12:52 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki\AppData\Local\VirtualStore
2014-12-22 11:57 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 17:57 - 2013-10-23 21:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-16 21:46 - 2013-12-03 13:10 - 00000000 ____D () C:\Users\niki\Documents\Privat
2014-12-16 21:39 - 2013-10-02 17:03 - 00000000 ____D () C:\Users\niki\Documents\Diverses
2014-12-16 21:37 - 2013-10-13 15:35 - 00000000 ____D () C:\Users\niki\Documents\Medizin
2014-12-16 10:52 - 2013-10-01 22:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Skype
2014-12-16 10:51 - 2014-09-22 22:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:51 - 2013-10-01 22:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 21:03 - 2014-01-28 23:18 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 22:57 - 2013-10-13 19:33 - 00000000 ____D () C:\Users\niki\AppData\Roaming\vlc
2014-12-11 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:56 - 2014-05-06 17:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 22:54 - 2013-09-30 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:51 - 2013-09-30 14:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 21:55 - 2013-10-01 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 09:14 - 2013-10-23 21:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 19:56 - 2013-09-17 21:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 19:56 - 2013-09-17 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 19:56 - 2013-09-17 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 23:14 - 2014-11-03 13:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-03 23:14 - 2014-11-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-03 23:13 - 2014-11-03 13:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-03 23:13 - 2014-01-21 12:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-03 18:27 - 2013-09-30 13:55 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Adobe
2014-12-02 13:01 - 2014-11-15 13:23 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-12-02 13:01 - 2014-09-28 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-12-02 13:01 - 2013-09-17 14:38 - 00289014 _____ () C:\Windows\DPINST.LOG
2014-12-02 13:00 - 2013-09-17 21:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-01 23:27 - 2013-10-23 21:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-25 16:24 - 2013-10-23 16:42 - 00000000 ____D () C:\Users\niki\Documents\Juli SKJP

Some content of TEMP:
====================
C:\Users\niki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_vlb7.dll
C:\Users\niki\AppData\Local\Temp\Quarantine.exe
C:\Users\niki\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 14:54

==================== End Of Log ============================
--- --- ---

niko laus 25.12.2014 22:13
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by niki at 2014-12-25 11:58:54
Running from C:\Users\niki\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.201.3 - Citrix Systems, Inc.)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15502 - Invincea, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
Direkt Foto System 3.x (HKLM-x32\...\fotoCharly3_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.13.304 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IBM SPSS Statistics 22 (HKLM-x32\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
iDump (Freeware) Build:31 (HKLM-x32\...\{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1) (Version:  - Escsoft)
iDump (HKLM-x32\...\{BC1624B0-E919-48FB-BABD-9DEF45270080}) (Version: 2.0.70.0 - EscSoft)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mendeley Desktop 1.10.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro OZ776 SCR Driver (Version: 2.1.4.223GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (x32 Version: 2.1.4.223GS - O2Micro) Hidden
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Self-Service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.13.201409122125 - Sony Mobile Communications AB)
Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3543611772-1706178384-50430059-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\niki\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-12-2014 21:28:03 Windows Update
18-12-2014 14:44:08 Windows Update
19-12-2014 17:10:30 WinZip 19.0 wird installiert
20-12-2014 17:42:54 WinZip 19.0 wird entfernt
21-12-2014 22:21:28 Windows Update
22-12-2014 11:45:29 Installed Microsoft Fix it 50755
22-12-2014 11:53:24 Configured Microsoft Office Professional Plus 2010
22-12-2014 12:03:37 Configured Microsoft Office Professional Plus 2010
22-12-2014 12:30:59 avast! antivirus system restore point
22-12-2014 12:35:15 Installed 7-Zip 9.20 (x64 edition)
22-12-2014 13:03:07 avast! antivirus system restore point
22-12-2014 13:23:00 WinZip 19.0 wird installiert
22-12-2014 13:26:26 Removed Microsoft Office Professional Plus 2010
22-12-2014 13:42:02 Installed Microsoft Office Professional Plus 2013
22-12-2014 13:42:18 PROPLUSR
22-12-2014 15:11:05 avast! antivirus system restore point
22-12-2014 21:55:19 Windows Update
22-12-2014 23:45:23 Revo Uninstaller's restore point - PortStand
22-12-2014 23:48:46 Revo Uninstaller's restore point - Shopper-Pro
22-12-2014 23:50:49 Revo Uninstaller's restore point - YoutubeAdBlooCkee
22-12-2014 23:51:56 Revo Uninstaller's restore point - YTDownloader
22-12-2014 23:52:50 Revo Uninstaller's restore point - YTDownloader
23-12-2014 00:05:25 Revo Uninstaller's restore point - YTDownloader
23-12-2014 00:10:27 Revo Uninstaller's restore point - YTDownloader
23-12-2014 00:14:11 Revo Uninstaller's restore point - YTDownloader
23-12-2014 00:19:38 Revo Uninstaller's restore point - YTDownloader
23-12-2014 01:30:12 Revo Uninstaller's restore point - Search Protect

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-23 00:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04166FDF-816A-4EE8-B5E2-6B8BD6945249} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {0EDFE922-B81D-43BC-A759-689E17ED6A0D} - System32\Tasks\{06D9274E-2A91-479A-B77F-073D0CA62E8C} => C:\Users\niki\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
Task: {3462AA27-6810-4930-8BC4-F792B4165633} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CBD0801-22C5-43A3-B945-DF588E759076} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {56174748-E9AC-4CB2-8BAC-076EC59AC3DA} - System32\Tasks\{388D4750-7C5F-4043-82A8-FE25657BA4E2} => C:\Users\niki\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
Task: {628F1F76-104F-436E-B3A5-FE85CF53A43B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {645DF484-9A02-408E-927F-6EC0FA8B4451} - \AutoKMS No Task File <==== ATTENTION
Task: {74656568-B1E6-4A2F-B585-3DD9426229B9} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {749F6378-A7F9-441C-B9F9-13D6D4ADE32D} - System32\Tasks\{091C3AE4-4A64-4D2A-B31B-001F94FDC6A5} => C:\Users\niki\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
Task: {888C0386-3C26-4C09-9C94-F7CE9F4CFAA8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {961B9A16-853F-4AFD-B849-9E506A1C65A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {AD6BEC6A-D9C4-406D-B9BE-96B3F04B3E6B} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {AF25970E-BBED-4152-98EB-B7DF646749DC} - System32\Tasks\{25A4A4B2-BB7F-426B-926C-C1EE53FA2B16} => pcalua.exe -a C:\Users\niki\Downloads\epson324758eu(1).exe -d C:\Users\niki\Downloads
Task: {B65A4068-2F34-4643-86AC-B00A7BA6C55B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B6FED4E6-B2C7-4E61-968E-D265A7BA2813} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-22] (AVAST Software)
Task: {CFF96343-5698-47F4-AE02-BA322122C22B} - System32\Tasks\GoogleUpdateTaskMachineUA1cec849d0b200ed => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {D1A305AB-3E53-470E-B9D1-0F3613DF9A5E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D25A777F-AF0E-4FE4-8588-F8AD180C3290} - System32\Tasks\AdobeAAMUpdater-1.0-niki-PC-niki => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {EBEDC150-92EE-4356-A37E-D3612AA7C8FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FCE188AC-2FD7-4F94-9052-57E85E3C3279} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec849d0b200ed.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-11 16:05 - 2013-03-11 16:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2013-03-11 16:04 - 2013-03-11 16:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-05-11 15:47 - 2012-05-11 15:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_DEU.dll
2014-12-22 15:22 - 2014-11-04 12:21 - 00165376 _____ () C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe
2013-09-17 23:18 - 2012-03-27 04:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-28 22:41 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-12-22 15:11 - 2014-12-22 15:11 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-22 15:11 - 2014-12-22 15:11 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-22 15:22 - 2014-11-04 12:22 - 00069120 _____ () C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-12-25 11:11 - 2014-12-25 11:11 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122500\algo.dll
2014-12-22 15:12 - 2014-12-22 15:12 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-28 22:41 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-09-28 22:41 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-09-28 22:41 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-09-28 22:41 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-09-15 15:20 - 2014-09-15 15:20 - 00645120 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-25 11:32 - 2014-12-25 11:32 - 00043008 _____ () c:\users\niki\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_vlb7.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\niki\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-12-22 15:12 - 2014-12-22 15:12 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2013-09-17 21:51 - 2013-05-14 02:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-16 10:07 - 2014-10-16 10:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2013-09-17 21:54 - 2012-05-30 19:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-09 19:27 - 2014-12-09 19:27 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3256
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3357

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3543611772-1706178384-50430059-500 - Administrator - Disabled)
Gast (S-1-5-21-3543611772-1706178384-50430059-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3543611772-1706178384-50430059-1002 - Limited - Enabled)
niki (S-1-5-21-3543611772-1706178384-50430059-1000 - Administrator - Enabled) => C:\Users\niki

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-23 00:43:09.265
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-23 00:43:09.226
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 64%
Total physical RAM: 3969.02 MB
Available physical RAM: 1408.1 MB
Total Pagefile: 7936.22 MB
Available Pagefile: 4629.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.47 GB) (Free:228.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D0EBF018)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Vielen Dank,
MfG

schrauber 26.12.2014 16:56

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

niko laus 29.12.2014 13:44
Hallo,

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=535c7edd100b20408acb8fedeff4cc96
# engine=21731
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-28 04:22:15
# local_time=2014-12-28 05:22:15 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 528588 529890 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5169 171413585 0 0
# scanned=34859
# found=18
# cleaned=0
# scan_time=1307
sh=5A94AFD3C29354FEB17EC9E5B440F0218D4686DE ft=1 fh=23d605aaa800c791 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=B34CBA94567B514DB652D82470D5372833DFA804 ft=1 fh=968a0128991df666 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=86060339AD31C4C6C5F4601301306FD665188A02 ft=1 fh=72001bf47b12a67c vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=3F92985CBDD831D23F0859C31FF1EE86718B964B ft=1 fh=0a7b10577d62ed60 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=771DC528A8E00040FF06513F01AB1B247FF2EB73 ft=1 fh=66a1ea565f6deec9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=A3ED4B73C09B6DF05D713B64FAA783689F01B556 ft=1 fh=61508ea734cfa28b vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=D6DE4B027BB4D848CCBABD11388741CA7854ADD5 ft=1 fh=bbc78ef86a01b303 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=9FF908F2163E6E1CFDB0C34110517E1F8E89824D ft=1 fh=6964d2dc7e2f7da9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=BC1B05BBDB2BC3A743024BDC383FEC73E739FC75 ft=1 fh=8c967fa647c8d677 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=B470497F7EA96F4B7447C32EBB0052D56A8F8DAF ft=1 fh=3c7e4e17a056443d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\niki\AppData\Roaming\OpenCandy\23E3A837E16742B7AB0FE427E0E99EA1\SSStub_SearchProtect_p1v0.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\niki\AppData\Roaming\OpenCandy\3F471B0531344EF9B740E47441D2AAB3\sp-downloader.exe.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=0376480BF88636C98868414D1B2043659B77FB56 ft=1 fh=2b17089848f03add vn="Variante von Win64/BrowseFox.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{408fcd28-f599-4b29-ada2-d72e26c39377}Gw64.sys.vir"
sh=BCA5F4F6A25498DE2A7ADE50C4BA61C87744B035 ft=1 fh=130865f269f7e25f vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu.dll"
sh=DD9A6B62748A8A942E7D4D6D9BFD5D2120AA6554 ft=1 fh=84ec21cef8c75edf vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu64.dll"
sh=BCA5F4F6A25498DE2A7ADE50C4BA61C87744B035 ft=1 fh=130865f269f7e25f vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Gemeinsame Dateien\System\SysMenu.dll"
sh=DD9A6B62748A8A942E7D4D6D9BFD5D2120AA6554 ft=1 fh=84ec21cef8c75edf vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Gemeinsame Dateien\System\SysMenu64.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=535c7edd100b20408acb8fedeff4cc96
# engine=21734
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-29 12:22:12
# local_time=2014-12-29 01:22:12 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 600585 601887 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 75534 171485582 0 0
# scanned=235588
# found=44
# cleaned=0
# scan_time=12643
sh=5A94AFD3C29354FEB17EC9E5B440F0218D4686DE ft=1 fh=23d605aaa800c791 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=B34CBA94567B514DB652D82470D5372833DFA804 ft=1 fh=968a0128991df666 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=86060339AD31C4C6C5F4601301306FD665188A02 ft=1 fh=72001bf47b12a67c vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=3F92985CBDD831D23F0859C31FF1EE86718B964B ft=1 fh=0a7b10577d62ed60 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=771DC528A8E00040FF06513F01AB1B247FF2EB73 ft=1 fh=66a1ea565f6deec9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=A3ED4B73C09B6DF05D713B64FAA783689F01B556 ft=1 fh=61508ea734cfa28b vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=D6DE4B027BB4D848CCBABD11388741CA7854ADD5 ft=1 fh=bbc78ef86a01b303 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=9FF908F2163E6E1CFDB0C34110517E1F8E89824D ft=1 fh=6964d2dc7e2f7da9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=BC1B05BBDB2BC3A743024BDC383FEC73E739FC75 ft=1 fh=8c967fa647c8d677 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=B470497F7EA96F4B7447C32EBB0052D56A8F8DAF ft=1 fh=3c7e4e17a056443d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\niki\AppData\Roaming\OpenCandy\23E3A837E16742B7AB0FE427E0E99EA1\SSStub_SearchProtect_p1v0.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\niki\AppData\Roaming\OpenCandy\3F471B0531344EF9B740E47441D2AAB3\sp-downloader.exe.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=0376480BF88636C98868414D1B2043659B77FB56 ft=1 fh=2b17089848f03add vn="Variante von Win64/BrowseFox.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{408fcd28-f599-4b29-ada2-d72e26c39377}Gw64.sys.vir"
sh=BCA5F4F6A25498DE2A7ADE50C4BA61C87744B035 ft=1 fh=130865f269f7e25f vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu.dll"
sh=DD9A6B62748A8A942E7D4D6D9BFD5D2120AA6554 ft=1 fh=84ec21cef8c75edf vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu64.dll"
sh=BCA5F4F6A25498DE2A7ADE50C4BA61C87744B035 ft=1 fh=130865f269f7e25f vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Gemeinsame Dateien\System\SysMenu.dll"
sh=DD9A6B62748A8A942E7D4D6D9BFD5D2120AA6554 ft=1 fh=84ec21cef8c75edf vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Gemeinsame Dateien\System\SysMenu64.dll"
sh=DF302EC75272BBDDFBF55BC31B5B6F4EF74D15D3 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\content.js"
sh=91D8486DB5A1306A32ACE784C71F91D8460233BF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\Wi.js"
sh=68C692B60F2BBEC7E4BA2C027CEAB253EF7311F2 ft=1 fh=c39e09c7c0fec6f4 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Adobe Download Assistant\4b9b4c05-2333-48cf-9565-f0e987194920.dll.vir"
sh=665537CF4487451B1528F0F6332AAFB12DA5F5F2 ft=1 fh=e6d7182a3fe06c9b vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Adobe Download Assistant\bcfe1426-2038-4631-81a6-6e318fe3ee7e.dll.vir"
sh=9B149B113A9B90C4FAB74C96C038DD95988DCD63 ft=1 fh=a9929d54e825bb44 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Adobe Download Assistant\e91ebb45-cfb2-49e2-b57a-d08f383054c5.dll.vir"
sh=665537CF4487451B1528F0F6332AAFB12DA5F5F2 ft=1 fh=e6d7182a3fe06c9b vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e\65913bf0-36c8-4412-9a2d-0b49932d7712.dll.vir"
sh=95CB0377EB7C61D52EB2DA483F82195B6534525E ft=1 fh=68d62365b6810d23 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e\ee96f1ca-2d12-4851-a2bf-9ec06bc89e6a.dll.vir"
sh=9B149B113A9B90C4FAB74C96C038DD95988DCD63 ft=1 fh=a9929d54e825bb44 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5\b34cdf20-0d52-4642-a3ad-4942c26b3743.dll.vir"
sh=68C692B60F2BBEC7E4BA2C027CEAB253EF7311F2 ft=1 fh=c39e09c7c0fec6f4 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5\cc8d6785-cde7-4808-b3c6-0814600135d5.dll.vir"
sh=665537CF4487451B1528F0F6332AAFB12DA5F5F2 ft=1 fh=e6d7182a3fe06c9b vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Ge-Force\0cb00a01-6ce6-4d0f-8df3-fd9e325189f8.dll.vir"
sh=95CB0377EB7C61D52EB2DA483F82195B6534525E ft=1 fh=68d62365b6810d23 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Ge-Force\c8daf314-8eb3-4bf1-898d-d06fa177a4bb.dll.vir"
sh=DF302EC75272BBDDFBF55BC31B5B6F4EF74D15D3 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\All Users\lkffhhbainjiheccppdedpnljkkfcaii\content.js"
sh=91D8486DB5A1306A32ACE784C71F91D8460233BF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\lkffhhbainjiheccppdedpnljkkfcaii\Wi.js"
sh=29531FF34ED520FDEF40B88D1C27B77D4064C1B7 ft=1 fh=6f280fcdcbb1a73e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NZPWFTS\OrbiterInstaller[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NZPWFTS\spstub[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NZPWFTS\spstub[3].exe"
sh=7ABA4DC9BC22D9605675C22CEC12A0DB7EAF0937 ft=1 fh=e11cb87d8b8a9b76 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CBN52ZF\SPSetup[1].exe"
sh=A512C27BA0AF525BBBC3A1E0B00F7E0DB4632893 ft=1 fh=5290c6e977648b90 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CBN52ZF\SPSetup[2].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CBN52ZF\spstub[1].exe"
sh=A512C27BA0AF525BBBC3A1E0B00F7E0DB4632893 ft=1 fh=5290c6e977648b90 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQUFG48B\SPSetup[1].exe"
sh=F7C1574EEDAE4984C76C1064E41DB06BEF76BC73 ft=1 fh=3ba3400024931db8 vn="Win32/Adware.Pirrit.L Anwendung" ac=I fn="C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Roaming\ASXA"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\niki\AppData\Roaming\QMNTFN"
sh=48C93BBDD6043054F4559780619F582DACE81949 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\4ebd89.msi"
sh=E616B62C718922FE2A094359CEE78F9C7D7CAB46 ft=1 fh=1046d3a07943a70f vn="Win32/Adware.Pirrit.K Anwendung" ac=I fn="C:\Windows\System32\addonwordRecovery\addonwordRecovery.exe"
sh=E616B62C718922FE2A094359CEE78F9C7D7CAB46 ft=1 fh=1046d3a07943a70f vn="Win32/Adware.Pirrit.K Anwendung" ac=I fn="C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe"

Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java 8 Update 25 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by niki (administrator) on NIKI-PC on 29-12-2014 13:39:33
Running from C:\Users\niki\Downloads
Loaded Profile: niki (Available profiles: niki)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
() C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-15] (Sony)
AppInit_DLLs-x32: c:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-05-23] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3543611772-1706178384-50430059-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-AT&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEB9455D2-AB5B-47BB-BF9B-73864E11D0B5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> {54C23A79-90E0-473C-B392-F0789B7170A7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957
FF Homepage: www.orf.at
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
CHR Extension: (Google Drive) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
CHR Extension: (Adblock Plus) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-08]
CHR Extension: (Google-Suche) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
CHR Extension: (Hola Better Internet Engine) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-10-08]
CHR Extension: (ZenMate) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-10-08]
CHR Extension: (Avast Online Security) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google Mail) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
CHR Extension: (BuyNsaave) - C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\ [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 addonwordRecovery; C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe [69120 2014-11-04] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-22] (Avast Software)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 privacyrubyBckp.exe; C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe [165376 2014-11-04] () [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-09-17] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-28] (Sony Mobile Communications)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-22] (Avast Software)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 13:39 - 2014-12-29 13:39 - 00000000 ____D () C:\Users\niki\Downloads\FRST-OlderVersion
2014-12-29 13:37 - 2014-12-29 13:37 - 00001133 _____ () C:\Users\niki\Desktop\checkup.txt
2014-12-29 13:26 - 2014-12-29 13:26 - 00852505 _____ () C:\Users\niki\Downloads\SecurityCheck.exe
2014-12-29 10:26 - 2014-12-29 13:35 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-12-29 09:42 - 2014-12-29 09:42 - 00000197 _____ () C:\Windows\system32\2014-12-29-08-42-07.084-AvastVBoxSVC.exe-5148.log
2014-12-29 02:07 - 2014-12-29 02:07 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-07-08.043-AvastVBoxSVC.exe-2280.log
2014-12-28 16:57 - 2014-12-28 16:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-28 16:56 - 2014-12-28 16:56 - 02347384 _____ (ESET) C:\Users\niki\Downloads\esetsmartinstaller_deu.exe
2014-12-28 16:49 - 2014-12-28 16:49 - 00000197 _____ () C:\Windows\system32\2014-12-28-15-49-20.079-AvastVBoxSVC.exe-4444.log
2014-12-25 21:54 - 2014-12-25 21:54 - 00000197 _____ () C:\Windows\system32\2014-12-25-20-54-33.079-AvastVBoxSVC.exe-7132.log
2014-12-25 11:58 - 2014-12-29 13:39 - 00033719 _____ () C:\Users\niki\Downloads\FRST.txt
2014-12-25 11:58 - 2014-12-25 11:59 - 00028728 _____ () C:\Users\niki\Downloads\Addition.txt
2014-12-25 11:57 - 2014-12-29 13:39 - 02123264 _____ (Farbar) C:\Users\niki\Downloads\FRST64.exe
2014-12-25 11:46 - 2014-12-25 11:46 - 00001141 _____ () C:\Users\niki\Desktop\JRT.txt
2014-12-25 11:39 - 2014-12-25 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-12-25 11:38 - 2014-12-25 11:38 - 00010383 _____ () C:\Users\niki\Desktop\AdwCleaner[S1].txt
2014-12-25 11:35 - 2014-12-25 11:35 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-35-34.031-AvastVBoxSVC.exe-6792.log
2014-12-25 11:26 - 2014-12-25 11:26 - 00022185 _____ () C:\Users\niki\Desktop\mbam.txt
2014-12-25 11:20 - 2014-12-25 11:21 - 01707646 _____ (Thisisu) C:\Users\niki\Downloads\JRT.exe
2014-12-25 11:19 - 2014-12-25 11:19 - 00000793 _____ () C:\Users\niki\Desktop\Adware Cleaner.lnk
2014-12-25 11:18 - 2014-12-25 11:19 - 02173952 _____ () C:\Users\niki\Downloads\AdwCleaner_4.106.exe
2014-12-25 11:12 - 2014-12-25 11:12 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 11:11 - 2014-12-25 11:11 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-11-25.044-AvastVBoxSVC.exe-6628.log
2014-12-24 01:12 - 2014-12-24 01:12 - 00000197 _____ () C:\Windows\system32\2014-12-24-00-12-00.009-AvastVBoxSVC.exe-4804.log
2014-12-24 00:52 - 2014-12-29 10:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 00:50 - 2014-12-24 00:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028(1).exe
2014-12-24 00:50 - 2014-12-24 00:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-24 00:45 - 2014-12-24 00:46 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-45-58.009-AvastVBoxSVC.exe-2284.log
2014-12-23 13:54 - 2014-12-23 13:54 - 00000197 _____ () C:\Windows\system32\2014-12-23-12-54-35.069-AvastVBoxSVC.exe-5060.log
2014-12-23 10:25 - 2014-12-23 10:26 - 00000197 _____ () C:\Windows\system32\2014-12-23-09-25-48.008-AvastVBoxSVC.exe-2544.log
2014-12-23 01:50 - 2014-12-23 01:50 - 00000197 _____ () C:\Windows\system32\2014-12-23-00-50-19.037-AvastVBoxSVC.exe-4204.log
2014-12-23 01:49 - 2014-12-23 01:49 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-12-23 01:29 - 2014-12-23 01:34 - 00000000 ____D () C:\Users\niki\Downloads\Microsoft Toolkit 2.5.2 Official Torrent
2014-12-23 01:07 - 2014-12-23 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 01:05 - 2014-12-23 01:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-23 01:03 - 2014-12-23 01:03 - 02173952 _____ () C:\Users\niki\Downloads\Adwcleaner.exe
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\Users\niki\Desktop\combofix.txt
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\ComboFix.txt
2014-12-23 00:54 - 2014-12-23 00:55 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-54-55.009-AvastVBoxSVC.exe-3808.log
2014-12-23 00:34 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-23 00:34 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-23 00:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-23 00:26 - 2014-12-23 00:59 - 00000000 ____D () C:\Qoobox
2014-12-23 00:25 - 2014-12-23 00:56 - 00000000 ____D () C:\Windows\erdnt
2014-12-23 00:24 - 2014-12-23 00:24 - 05601641 ____R (Swearware) C:\Users\niki\Desktop\ComboFix.exe
2014-12-23 00:20 - 2014-12-23 00:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-20-56.000-AvastVBoxSVC.exe-5036.log
2014-12-22 23:42 - 2014-12-22 23:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\niki\Downloads\revosetup95.exe
2014-12-22 23:42 - 2014-12-22 23:42 - 00001266 _____ () C:\Users\niki\Desktop\Revo Uninstaller.lnk
2014-12-22 23:42 - 2014-12-22 23:42 - 00000197 _____ () C:\Windows\system32\2014-12-22-22-42-15.013-AvastVBoxSVC.exe-6580.log
2014-12-22 23:42 - 2014-12-22 23:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-22 21:45 - 2014-12-22 21:45 - 00002994 _____ () C:\Windows\System32\Tasks\{091C3AE4-4A64-4D2A-B31B-001F94FDC6A5}
2014-12-22 21:43 - 2014-12-22 21:43 - 00002994 _____ () C:\Windows\System32\Tasks\{388D4750-7C5F-4043-82A8-FE25657BA4E2}
2014-12-22 21:42 - 2014-12-22 21:42 - 00002994 _____ () C:\Windows\System32\Tasks\{06D9274E-2A91-479A-B77F-073D0CA62E8C}
2014-12-22 20:56 - 2014-12-22 20:56 - 05601641 _____ (Swearware) C:\Users\niki\Downloads\ComboFix.exe
2014-12-22 20:26 - 2014-12-22 20:26 - 00104857 _____ () C:\Users\niki\Desktop\gmer.txt
2014-12-22 20:16 - 2014-12-22 20:16 - 00380416 _____ () C:\Users\niki\Downloads\Gmer-19357.exe
2014-12-22 20:14 - 2014-12-22 20:14 - 00000470 _____ () C:\Users\niki\Downloads\defogger_disable.log
2014-12-22 20:14 - 2014-12-22 20:14 - 00000000 _____ () C:\Users\niki\defogger_reenable
2014-12-22 20:13 - 2014-12-22 20:13 - 00050477 _____ () C:\Users\niki\Downloads\Defogger.exe
2014-12-22 20:04 - 2014-12-22 20:04 - 00000197 _____ () C:\Windows\system32\2014-12-22-19-04-13.093-AvastVBoxSVC.exe-6652.log
2014-12-22 19:28 - 2014-12-22 19:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-28-22.005-AvastVBoxSVC.exe-5540.log
2014-12-22 19:26 - 2014-12-29 13:39 - 00000000 ____D () C:\FRST
2014-12-22 19:16 - 2014-12-22 19:16 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-16-36.048-AvastVBoxSVC.exe-6504.log
2014-12-22 16:18 - 2014-12-22 16:19 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-18-59.012-aswFe.exe-7420.log
2014-12-22 16:07 - 2014-12-22 16:18 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-07-28.049-aswFe.exe-6208.log
2014-12-22 16:07 - 2014-12-22 16:07 - 00000197 _____ () C:\Windows\system32\2014-12-22-15-07-22.084-AvastVBoxSVC.exe-4212.log
2014-12-22 15:46 - 2014-12-22 15:46 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-46-02.063-aswFe.exe-1256.log
2014-12-22 15:45 - 2014-12-22 15:45 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-45-47.088-AvastVBoxSVC.exe-2912.log
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e
2014-12-22 15:29 - 2014-12-22 15:29 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-29-04.016-aswFe.exe-8556.log
2014-12-22 15:28 - 2014-12-22 15:29 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-22 15:28 - 2014-12-22 15:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-28-45.064-AvastVBoxSVC.exe-5512.log
2014-12-22 15:22 - 2014-12-22 15:39 - 00000000 ____D () C:\Users\niki\AppData\Local\privacyrubyBckp
2014-12-22 15:22 - 2014-12-22 15:22 - 00000000 ____D () C:\Windows\SysWOW64\addonwordRecovery
2014-12-22 15:13 - 2014-12-22 15:13 - 00000000 ____D () C:\Users\niki\AppData\Roaming\AVAST Software
2014-12-22 15:12 - 2014-12-29 13:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-22 15:12 - 2014-12-22 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-22 15:12 - 2014-12-22 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-22 15:12 - 2014-12-22 15:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-22 15:12 - 2014-12-22 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-22 15:11 - 2014-12-22 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-22 13:53 - 2014-12-22 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-22 13:50 - 2014-12-22 13:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-22 13:48 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-22 13:42 - 2014-12-22 13:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 ___RD () C:\MSOCache
2014-12-22 13:24 - 2014-12-22 13:24 - 00000000 ____D () C:\Users\niki\AppData\Local\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00002197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00002191 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\Program Files\WinZip
2014-12-22 13:02 - 2014-12-22 13:02 - 00000247 _____ () C:\Windows\system32\2014-12-22-12-02-23.023-aswFe.exe-4360.log
2014-12-22 12:52 - 2014-12-22 13:01 - 00000247 _____ () C:\Windows\system32\2014-12-22-11-52-54.069-aswFe.exe-4060.log
2014-12-22 12:52 - 2014-12-22 12:52 - 00000197 _____ () C:\Windows\system32\2014-12-22-11-52-44.044-AvastVBoxSVC.exe-4420.log
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-22 12:30 - 2014-12-22 15:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-22 11:45 - 2014-12-22 11:45 - 00000000 ____D () C:\Bak
2014-12-20 17:52 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141220-175253.backup
2014-12-20 17:41 - 2014-12-23 00:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 17:41 - 2014-12-23 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 17:41 - 2014-12-20 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-19 17:25 - 2014-12-29 09:58 - 00000000 ____D () C:\Program Files (x86)\BuyNsaave
2014-12-19 17:25 - 2014-12-19 17:25 - 00000000 ____D () C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii
2014-12-18 13:41 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:41 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:14 - 2014-12-17 08:14 - 00000000 ____D () C:\Users\niki\Documents\Bluetooth-Exchange-Ordner
2014-12-16 21:45 - 2014-12-29 12:42 - 00000000 ____D () C:\Users\niki\Documents\Outlook-Dateien
2014-12-14 22:06 - 2014-12-23 01:31 - 00000000 ____D () C:\Users\niki\AppData\Roaming\uTorrent
2014-12-10 22:56 - 2014-12-10 22:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 22:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 22:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 22:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 22:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 22:05 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 22:05 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 22:05 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 22:05 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 22:05 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 22:05 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 22:05 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 22:05 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 22:05 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 22:05 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 22:05 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 22:05 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 22:05 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 22:05 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 22:05 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 22:05 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 22:05 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 22:05 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 22:05 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 22:05 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 22:05 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 22:05 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 22:05 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 22:04 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 22:04 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:04 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 22:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 22:04 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 22:04 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 19:56 - 2014-12-09 19:56 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:27 - 2014-12-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 11:24 - 2014-12-04 13:32 - 00001064 _____ () C:\Users\niki\Desktop\Adobe Bridge CC (64bit).lnk
2014-12-03 18:27 - 2014-12-16 21:39 - 00000000 ____D () C:\Users\niki\Documents\Adobe
2014-12-03 10:58 - 2014-12-03 10:58 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-12-03 10:23 - 2014-12-03 10:23 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-niki-PC-niki
2014-12-03 10:23 - 2014-12-03 10:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\PDAppFlex
2014-12-01 23:33 - 2014-12-20 17:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-01 23:27 - 2014-12-20 17:57 - 00000000 ____D () C:\Program Files\Adobe
2014-12-01 23:22 - 2014-12-03 10:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-01 23:17 - 2014-12-01 23:17 - 00000000 ___RD () C:\Users\niki\Creative Cloud Files
2014-12-01 23:14 - 2014-12-01 23:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-01 23:14 - 2014-12-01 23:14 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-01 23:14 - 2014-12-01 23:14 - 00001299 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:56 - 2013-09-17 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 12:52 - 2013-10-01 22:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 12:52 - 2013-09-17 21:42 - 01210205 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 10:34 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 10:34 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 09:41 - 2014-01-28 23:19 - 00000000 ___RD () C:\Users\niki\Dropbox
2014-12-29 09:41 - 2014-01-28 23:17 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Dropbox
2014-12-29 09:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 09:38 - 2009-07-14 05:51 - 00108186 _____ () C:\Windows\setupact.log
2014-12-29 02:15 - 2013-10-23 21:49 - 00000000 ____D () C:\Users\niki\AppData\Local\Adobe
2014-12-25 11:30 - 2010-11-21 04:47 - 00680266 _____ () C:\Windows\PFRO.log
2014-12-25 11:29 - 2014-10-07 21:37 - 00000000 ____D () C:\AdwCleaner
2014-12-24 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2014-12-23 00:59 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-23 00:58 - 2010-11-21 07:50 - 00702890 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 00:58 - 2010-11-21 07:50 - 00150498 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 00:58 - 2009-07-14 06:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 00:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-23 00:43 - 2014-04-27 11:35 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-12-22 23:38 - 2013-09-30 13:55 - 00111936 _____ () C:\Users\niki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 23:37 - 2009-07-14 05:45 - 00437640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 22:38 - 2013-09-30 15:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 22:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-22 22:37 - 2009-07-14 03:34 - 00000612 _____ () C:\Windows\win.ini
2014-12-22 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-22 20:14 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki
2014-12-22 15:28 - 2013-10-31 17:06 - 00000000 ____D () C:\Users\niki\AppData\Local\CrashDumps
2014-12-22 15:21 - 2013-11-05 21:21 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-22 13:51 - 2010-11-21 08:00 - 00000000 ____D () C:\Windows\ShellNew
2014-12-22 13:32 - 2013-09-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-22 13:32 - 2013-09-17 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-22 12:52 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki\AppData\Local\VirtualStore
2014-12-22 11:57 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 17:57 - 2013-10-23 21:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-16 21:46 - 2013-12-03 13:10 - 00000000 ____D () C:\Users\niki\Documents\Privat
2014-12-16 21:39 - 2013-10-02 17:03 - 00000000 ____D () C:\Users\niki\Documents\Diverses
2014-12-16 21:37 - 2013-10-13 15:35 - 00000000 ____D () C:\Users\niki\Documents\Medizin
2014-12-16 10:52 - 2013-10-01 22:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Skype
2014-12-16 10:51 - 2014-09-22 22:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:51 - 2013-10-01 22:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 21:03 - 2014-01-28 23:18 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 22:57 - 2013-10-13 19:33 - 00000000 ____D () C:\Users\niki\AppData\Roaming\vlc
2014-12-11 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:56 - 2014-05-06 17:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 22:54 - 2013-09-30 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:51 - 2013-09-30 14:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 21:55 - 2013-10-01 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 09:14 - 2013-10-23 21:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 19:56 - 2013-09-17 21:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 19:56 - 2013-09-17 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 19:56 - 2013-09-17 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 23:14 - 2014-11-03 13:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-03 23:14 - 2014-11-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-03 23:13 - 2014-11-03 13:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-03 23:13 - 2014-01-21 12:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-03 18:27 - 2013-09-30 13:55 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Adobe
2014-12-02 13:01 - 2014-11-15 13:23 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-12-02 13:01 - 2014-09-28 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-12-02 13:01 - 2013-09-17 14:38 - 00289014 _____ () C:\Windows\DPINST.LOG
2014-12-02 13:00 - 2013-09-17 21:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 00:11 - 2014-11-27 19:43 - 00000000 ____D () C:\Users\niki\AppData\Roaming\fotoCharlyBestellsoftware
2014-12-01 23:27 - 2013-10-23 21:50 - 00000000 ____D () C:\ProgramData\Adobe

Some content of TEMP:
====================
C:\Users\niki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkqsip.dll
C:\Users\niki\AppData\Local\Temp\Quarantine.exe
C:\Users\niki\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 14:54

==================== End Of Log ============================
--- --- ---

--- --- ---


Pc macht eigentlich keine Probleme mehr. ;-)
Vielen Dank!
MfG

schrauber 29.12.2014 21:35
Flash updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de




Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files\Common Files\System
C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii
C:\Users\niki\AppData\Local\privacyrubyBckp
C:\Users\niki\AppData\Roaming\ASXA
C:\Users\niki\AppData\Roaming\QMNTFN
C:\Windows\Installer\4ebd89.msi
C:\Windows\System32\addonwordRecovery
C:\Windows\SysWOW64\addonwordRecovery
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 0
CHR Extension: (BuyNsaave) - C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\ [2013-10-01]
R2 addonwordRecovery; C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe [69120 2014-11-04] () [File not signed]

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.

niko laus 30.12.2014 15:42
Hallo,

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by niki at 2014-12-30 15:28:21 Run:1
Running from C:\Users\niki\Downloads
Loaded Profile: niki (Available profiles: niki)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files\Common Files\System
C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii
C:\Users\niki\AppData\Local\privacyrubyBckp
C:\Users\niki\AppData\Roaming\ASXA
C:\Users\niki\AppData\Roaming\QMNTFN
C:\Windows\Installer\4ebd89.msi
C:\Windows\System32\addonwordRecovery
C:\Windows\SysWOW64\addonwordRecovery
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 0
CHR Extension: (BuyNsaave) - C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\ [2013-10-01]
R2 addonwordRecovery; C:\Windows\SysWOW64\addonwordRecovery\addonwordRecovery.exe [69120 2014-11-04] () [File not signed]

Emptytemp:
       
*****************

C:\Program Files\Common Files\System => Moved successfully.
C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii => Moved successfully.

"C:\Users\niki\AppData\Local\privacyrubyBckp" directory move:

C:\Users\niki\AppData\Local\privacyrubyBckp\msvcp100.dll => Moved successfully.
C:\Users\niki\AppData\Local\privacyrubyBckp\msvcr100.dll => Moved successfully.
C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe => Moved successfully.
C:\Users\niki\AppData\Local\privacyrubyBckp\qjson0.dll => Moved successfully.
C:\Users\niki\AppData\Local\privacyrubyBckp\QtCore4.dll => Moved successfully.
C:\Users\niki\AppData\Local\privacyrubyBckp\QtNetwork4.dll => Moved successfully.
C:\Users\niki\AppData\Local\privacyrubyBckp\desktop\classdirectxClient.exe-(PID-2916)-1531134\classdirectxClient.exe-(PID-2916).dmp => Moved successfully.
C:\Users\niki\AppData\Local\privacyrubyBckp\desktop\classdirectxClient.exe-(PID-2916)-1531134\taskkill.exe-(PID-6364).dmp => Moved successfully.
Could not move "C:\Users\niki\AppData\Local\privacyrubyBckp" directory. => Scheduled to move on reboot.

C:\Users\niki\AppData\Roaming\ASXA => Moved successfully.
C:\Users\niki\AppData\Roaming\QMNTFN => Moved successfully.
C:\Windows\Installer\4ebd89.msi => Moved successfully.
"C:\Windows\System32\addonwordRecovery" => File/Directory not found.
C:\Windows\SysWOW64\addonwordRecovery => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3543611772-1706178384-50430059-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\ProgramData\lkffhhbainjiheccppdedpnljkkfcaii\ directory not found.
addonwordRecovery => Unable to stop service
addonwordRecovery => Service deleted successfully.
EmptyTemp: => Removed 700.4 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-30 15:32:41)<=

C:\Users\niki\AppData\Local\privacyrubyBckp => Is moved successfully.

==== End of Fixlog 15:32:41 ====


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by niki (administrator) on NIKI-PC on 30-12-2014 15:37:19
Running from C:\Users\niki\Downloads
Loaded Profile: niki (Available profiles: niki)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-15] (Sony)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [GoogleChromeAutoLaunch_C8351AB8DC5F81FCC2E6ECC2DCBF253C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
AppInit_DLLs-x32: c:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-05-23] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-AT&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEB9455D2-AB5B-47BB-BF9B-73864E11D0B5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> {54C23A79-90E0-473C-B392-F0789B7170A7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957
FF Homepage: www.orf.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M6D5A8316-A292-439D-AE69-FC6F76933AE9&SearchSource=55&CUI=&UM=6&UP=SP6F7C34BB-0232-4423-82D0-DFBE3AAB5B94&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.at/", "hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX", "hxxp://www/"
CHR Profile: C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-30]
CHR Extension: (Google Drive) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-30]
CHR Extension: (YouTube) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-30]
CHR Extension: (Avast SafePrice) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-30]
CHR Extension: (Avast Online Security) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-30]
CHR Extension: (Google Wallet) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-30]
CHR Extension: (Google Mail) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-22] (Avast Software)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
S2 privacyrubyBckp.exe; C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-09-17] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-28] (Sony Mobile Communications)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-22] (Avast Software)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 15:34 - 2014-12-30 15:34 - 00000197 _____ () C:\Windows\system32\2014-12-30-14-34-55.006-AvastVBoxSVC.exe-4620.log
2014-12-30 15:27 - 2014-12-30 15:37 - 00000000 ____D () C:\FRST
2014-12-30 15:26 - 2014-12-30 15:27 - 00003934 _____ () C:\Users\niki\Desktop\Fixlist.txt
2014-12-30 15:18 - 2014-12-30 15:18 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-30 15:18 - 2014-12-30 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-30 15:17 - 2014-12-30 15:17 - 00880784 _____ (Google Inc.) C:\Users\niki\Downloads\ChromeSetup.exe
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 __SHD () C:\Users\niki\AppData\Local\EmieUserList
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 __SHD () C:\Users\niki\AppData\Local\EmieSiteList
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 __SHD () C:\Users\niki\AppData\Local\EmieBrowserModeList
2014-12-30 15:12 - 2014-12-30 15:12 - 00002168 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-12-30 15:12 - 2014-12-30 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-30 15:12 - 2014-12-30 15:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-30 15:12 - 2014-12-30 15:12 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-12-30 15:02 - 2014-12-30 15:02 - 00000197 _____ () C:\Windows\system32\2014-12-30-14-02-44.090-AvastVBoxSVC.exe-3368.log
2014-12-30 12:34 - 2014-12-30 12:34 - 00000197 _____ () C:\Windows\system32\2014-12-30-11-34-47.045-AvastVBoxSVC.exe-6432.log
2014-12-29 13:39 - 2014-12-29 13:39 - 00000000 ____D () C:\Users\niki\Downloads\FRST-OlderVersion
2014-12-29 13:37 - 2014-12-29 13:37 - 00001133 _____ () C:\Users\niki\Desktop\checkup.txt
2014-12-29 13:26 - 2014-12-29 13:26 - 00852505 _____ () C:\Users\niki\Downloads\SecurityCheck.exe
2014-12-29 10:26 - 2014-12-30 15:35 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-12-29 09:42 - 2014-12-29 09:42 - 00000197 _____ () C:\Windows\system32\2014-12-29-08-42-07.084-AvastVBoxSVC.exe-5148.log
2014-12-29 02:07 - 2014-12-29 02:07 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-07-08.043-AvastVBoxSVC.exe-2280.log
2014-12-28 16:57 - 2014-12-28 16:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-28 16:56 - 2014-12-28 16:56 - 02347384 _____ (ESET) C:\Users\niki\Downloads\esetsmartinstaller_deu.exe
2014-12-28 16:49 - 2014-12-28 16:49 - 00000197 _____ () C:\Windows\system32\2014-12-28-15-49-20.079-AvastVBoxSVC.exe-4444.log
2014-12-25 21:54 - 2014-12-25 21:55 - 00000197 _____ () C:\Windows\system32\2014-12-25-20-54-33.079-AvastVBoxSVC.exe-7132.log
2014-12-25 11:58 - 2014-12-30 15:37 - 00030679 _____ () C:\Users\niki\Downloads\FRST.txt
2014-12-25 11:58 - 2014-12-25 11:59 - 00028728 _____ () C:\Users\niki\Downloads\Addition.txt
2014-12-25 11:57 - 2014-12-29 13:39 - 02123264 _____ (Farbar) C:\Users\niki\Downloads\FRST64.exe
2014-12-25 11:46 - 2014-12-25 11:46 - 00001141 _____ () C:\Users\niki\Desktop\JRT.txt
2014-12-25 11:39 - 2014-12-25 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-12-25 11:38 - 2014-12-25 11:38 - 00010383 _____ () C:\Users\niki\Desktop\AdwCleaner[S1].txt
2014-12-25 11:35 - 2014-12-25 11:35 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-35-34.031-AvastVBoxSVC.exe-6792.log
2014-12-25 11:26 - 2014-12-25 11:26 - 00022185 _____ () C:\Users\niki\Desktop\mbam.txt
2014-12-25 11:20 - 2014-12-25 11:21 - 01707646 _____ (Thisisu) C:\Users\niki\Downloads\JRT.exe
2014-12-25 11:19 - 2014-12-25 11:19 - 00000793 _____ () C:\Users\niki\Desktop\Adware Cleaner.lnk
2014-12-25 11:18 - 2014-12-25 11:19 - 02173952 _____ () C:\Users\niki\Downloads\AdwCleaner_4.106.exe
2014-12-25 11:12 - 2014-12-25 11:12 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 11:11 - 2014-12-25 11:11 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-11-25.044-AvastVBoxSVC.exe-6628.log
2014-12-24 01:12 - 2014-12-24 01:12 - 00000197 _____ () C:\Windows\system32\2014-12-24-00-12-00.009-AvastVBoxSVC.exe-4804.log
2014-12-24 00:52 - 2014-12-30 15:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 00:50 - 2014-12-24 00:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028(1).exe
2014-12-24 00:50 - 2014-12-24 00:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-24 00:45 - 2014-12-24 00:46 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-45-58.009-AvastVBoxSVC.exe-2284.log
2014-12-23 13:54 - 2014-12-23 13:54 - 00000197 _____ () C:\Windows\system32\2014-12-23-12-54-35.069-AvastVBoxSVC.exe-5060.log
2014-12-23 10:25 - 2014-12-23 10:26 - 00000197 _____ () C:\Windows\system32\2014-12-23-09-25-48.008-AvastVBoxSVC.exe-2544.log
2014-12-23 01:50 - 2014-12-23 01:50 - 00000197 _____ () C:\Windows\system32\2014-12-23-00-50-19.037-AvastVBoxSVC.exe-4204.log
2014-12-23 01:49 - 2014-12-23 01:49 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-12-23 01:29 - 2014-12-23 01:34 - 00000000 ____D () C:\Users\niki\Downloads\
2014-12-23 01:07 - 2014-12-23 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 01:05 - 2014-12-23 01:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-23 01:03 - 2014-12-23 01:03 - 02173952 _____ () C:\Users\niki\Downloads\Adwcleaner.exe
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\Users\niki\Desktop\combofix.txt
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\ComboFix.txt
2014-12-23 00:54 - 2014-12-23 00:55 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-54-55.009-AvastVBoxSVC.exe-3808.log
2014-12-23 00:34 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-23 00:34 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-23 00:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-23 00:26 - 2014-12-23 00:59 - 00000000 ____D () C:\Qoobox
2014-12-23 00:25 - 2014-12-23 00:56 - 00000000 ____D () C:\Windows\erdnt
2014-12-23 00:24 - 2014-12-23 00:24 - 05601641 ____R (Swearware) C:\Users\niki\Desktop\ComboFix.exe
2014-12-23 00:20 - 2014-12-23 00:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-20-56.000-AvastVBoxSVC.exe-5036.log
2014-12-22 23:42 - 2014-12-22 23:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\niki\Downloads\revosetup95.exe
2014-12-22 23:42 - 2014-12-22 23:42 - 00001266 _____ () C:\Users\niki\Desktop\Revo Uninstaller.lnk
2014-12-22 23:42 - 2014-12-22 23:42 - 00000197 _____ () C:\Windows\system32\2014-12-22-22-42-15.013-AvastVBoxSVC.exe-6580.log
2014-12-22 23:42 - 2014-12-22 23:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-22 21:45 - 2014-12-22 21:45 - 00002994 _____ () C:\Windows\System32\Tasks\{091C3AE4-4A64-4D2A-B31B-001F94FDC6A5}
2014-12-22 21:43 - 2014-12-22 21:43 - 00002994 _____ () C:\Windows\System32\Tasks\{388D4750-7C5F-4043-82A8-FE25657BA4E2}
2014-12-22 21:42 - 2014-12-22 21:42 - 00002994 _____ () C:\Windows\System32\Tasks\{06D9274E-2A91-479A-B77F-073D0CA62E8C}
2014-12-22 20:56 - 2014-12-22 20:56 - 05601641 _____ (Swearware) C:\Users\niki\Downloads\ComboFix.exe
2014-12-22 20:26 - 2014-12-22 20:26 - 00104857 _____ () C:\Users\niki\Desktop\gmer.txt
2014-12-22 20:16 - 2014-12-22 20:16 - 00380416 _____ () C:\Users\niki\Downloads\Gmer-19357.exe
2014-12-22 20:14 - 2014-12-22 20:14 - 00000470 _____ () C:\Users\niki\Downloads\defogger_disable.log
2014-12-22 20:14 - 2014-12-22 20:14 - 00000000 _____ () C:\Users\niki\defogger_reenable
2014-12-22 20:13 - 2014-12-22 20:13 - 00050477 _____ () C:\Users\niki\Downloads\Defogger.exe
2014-12-22 20:04 - 2014-12-22 20:04 - 00000197 _____ () C:\Windows\system32\2014-12-22-19-04-13.093-AvastVBoxSVC.exe-6652.log
2014-12-22 19:28 - 2014-12-22 19:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-28-22.005-AvastVBoxSVC.exe-5540.log
2014-12-22 19:26 - 2014-12-30 15:25 - 00000000 ____D () C:\Users\niki\Desktop\FRST
2014-12-22 19:16 - 2014-12-22 19:16 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-16-36.048-AvastVBoxSVC.exe-6504.log
2014-12-22 16:18 - 2014-12-22 16:19 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-18-59.012-aswFe.exe-7420.log
2014-12-22 16:07 - 2014-12-22 16:18 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-07-28.049-aswFe.exe-6208.log
2014-12-22 16:07 - 2014-12-22 16:07 - 00000197 _____ () C:\Windows\system32\2014-12-22-15-07-22.084-AvastVBoxSVC.exe-4212.log
2014-12-22 15:46 - 2014-12-22 15:46 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-46-02.063-aswFe.exe-1256.log
2014-12-22 15:45 - 2014-12-22 15:45 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-45-47.088-AvastVBoxSVC.exe-2912.log
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e
2014-12-22 15:29 - 2014-12-22 15:29 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-29-04.016-aswFe.exe-8556.log
2014-12-22 15:28 - 2014-12-22 15:29 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-22 15:28 - 2014-12-22 15:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-28-45.064-AvastVBoxSVC.exe-5512.log
2014-12-22 15:13 - 2014-12-22 15:13 - 00000000 ____D () C:\Users\niki\AppData\Roaming\AVAST Software
2014-12-22 15:12 - 2014-12-30 15:34 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-22 15:12 - 2014-12-22 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-22 15:12 - 2014-12-22 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-22 15:12 - 2014-12-22 15:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-22 15:12 - 2014-12-22 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-22 15:11 - 2014-12-22 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-22 13:53 - 2014-12-22 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-22 13:50 - 2014-12-22 13:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-22 13:48 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-22 13:42 - 2014-12-22 13:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 ___RD () C:\MSOCache
2014-12-22 13:24 - 2014-12-22 13:24 - 00000000 ____D () C:\Users\niki\AppData\Local\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00002197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00002191 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\Program Files\WinZip
2014-12-22 13:02 - 2014-12-22 13:02 - 00000247 _____ () C:\Windows\system32\2014-12-22-12-02-23.023-aswFe.exe-4360.log
2014-12-22 12:52 - 2014-12-22 13:01 - 00000247 _____ () C:\Windows\system32\2014-12-22-11-52-54.069-aswFe.exe-4060.log
2014-12-22 12:52 - 2014-12-22 12:52 - 00000197 _____ () C:\Windows\system32\2014-12-22-11-52-44.044-AvastVBoxSVC.exe-4420.log
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-22 12:30 - 2014-12-22 15:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-22 11:45 - 2014-12-22 11:45 - 00000000 ____D () C:\Bak
2014-12-20 17:52 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141220-175253.backup
2014-12-20 17:41 - 2014-12-23 00:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 17:41 - 2014-12-23 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 17:41 - 2014-12-20 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-19 17:25 - 2014-12-29 09:58 - 00000000 ____D () C:\Program Files (x86)\BuyNsaave
2014-12-18 13:41 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:41 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:14 - 2014-12-17 08:14 - 00000000 ____D () C:\Users\niki\Documents\Bluetooth-Exchange-Ordner
2014-12-16 21:45 - 2014-12-29 13:46 - 00000000 ____D () C:\Users\niki\Documents\Outlook-Dateien
2014-12-14 22:06 - 2014-12-23 01:31 - 00000000 ____D () C:\Users\niki\AppData\Roaming\
2014-12-10 22:56 - 2014-12-10 22:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 22:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 22:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 22:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 22:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 22:05 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 22:05 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 22:05 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 22:05 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 22:05 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 22:05 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 22:05 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 22:05 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 22:05 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 22:05 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 22:05 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 22:05 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 22:05 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 22:05 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 22:05 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 22:05 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 22:05 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 22:05 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 22:05 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 22:05 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 22:05 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 22:05 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 22:05 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 22:04 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 22:04 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:04 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 22:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 22:04 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 22:04 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 19:56 - 2014-12-09 19:56 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:27 - 2014-12-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 11:24 - 2014-12-04 13:32 - 00001064 _____ () C:\Users\niki\Desktop\Adobe Bridge CC (64bit).lnk
2014-12-03 18:27 - 2014-12-16 21:39 - 00000000 ____D () C:\Users\niki\Documents\Adobe
2014-12-03 10:58 - 2014-12-03 10:58 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-12-03 10:23 - 2014-12-03 10:23 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-niki-PC-niki
2014-12-03 10:23 - 2014-12-03 10:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\PDAppFlex
2014-12-01 23:33 - 2014-12-20 17:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-01 23:27 - 2014-12-20 17:57 - 00000000 ____D () C:\Program Files\Adobe
2014-12-01 23:22 - 2014-12-03 10:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-01 23:17 - 2014-12-01 23:17 - 00000000 ___RD () C:\Users\niki\Creative Cloud Files
2014-12-01 23:14 - 2014-12-01 23:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-01 23:14 - 2014-12-01 23:14 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-01 23:14 - 2014-12-01 23:14 - 00001299 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 15:34 - 2014-01-28 23:19 - 00000000 ___RD () C:\Users\niki\Dropbox
2014-12-30 15:34 - 2014-01-28 23:17 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Dropbox
2014-12-30 15:32 - 2013-10-01 22:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 15:32 - 2013-09-17 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 15:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 15:31 - 2010-11-21 04:47 - 00680818 _____ () C:\Windows\PFRO.log
2014-12-30 15:31 - 2009-07-14 05:51 - 00108354 _____ () C:\Windows\setupact.log
2014-12-30 15:30 - 2013-09-17 21:42 - 01254843 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 15:18 - 2013-10-01 22:18 - 00000000 ____D () C:\Users\niki\AppData\Local\Google
2014-12-30 15:18 - 2013-10-01 22:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 15:13 - 2013-10-23 21:49 - 00000000 ____D () C:\Users\niki\AppData\Local\Adobe
2014-12-30 15:12 - 2013-09-17 22:15 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-30 15:12 - 2013-09-17 21:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 15:12 - 2013-09-17 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 15:12 - 2013-09-17 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-30 15:07 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 15:07 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 11:29 - 2014-10-07 21:37 - 00000000 ____D () C:\AdwCleaner
2014-12-24 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2014-12-23 00:59 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-23 00:58 - 2010-11-21 07:50 - 00702890 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 00:58 - 2010-11-21 07:50 - 00150498 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 00:58 - 2009-07-14 06:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 00:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-23 00:43 - 2014-04-27 11:35 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-12-22 23:38 - 2013-09-30 13:55 - 00111936 _____ () C:\Users\niki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 23:37 - 2009-07-14 05:45 - 00437640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 22:38 - 2013-09-30 15:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 22:37 - 2009-07-14 03:34 - 00000612 _____ () C:\Windows\win.ini
2014-12-22 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-22 20:14 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki
2014-12-22 15:28 - 2013-10-31 17:06 - 00000000 ____D () C:\Users\niki\AppData\Local\CrashDumps
2014-12-22 15:21 - 2013-11-05 21:21 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-22 13:51 - 2010-11-21 08:00 - 00000000 ____D () C:\Windows\ShellNew
2014-12-22 13:32 - 2013-09-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-22 13:32 - 2013-09-17 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-22 12:52 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki\AppData\Local\VirtualStore
2014-12-22 11:57 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-20 17:57 - 2013-10-23 21:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-16 21:46 - 2013-12-03 13:10 - 00000000 ____D () C:\Users\niki\Documents\Privat
2014-12-16 21:39 - 2013-10-02 17:03 - 00000000 ____D () C:\Users\niki\Documents\Diverses
2014-12-16 21:37 - 2013-10-13 15:35 - 00000000 ____D () C:\Users\niki\Documents\Medizin
2014-12-16 10:52 - 2013-10-01 22:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Skype
2014-12-16 10:51 - 2014-09-22 22:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:51 - 2013-10-01 22:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 21:03 - 2014-01-28 23:18 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 22:57 - 2013-10-13 19:33 - 00000000 ____D () C:\Users\niki\AppData\Roaming\vlc
2014-12-11 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:56 - 2014-05-06 17:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 22:54 - 2013-09-30 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:51 - 2013-09-30 14:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 21:55 - 2013-10-01 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 09:14 - 2013-10-23 21:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-03 23:14 - 2014-11-03 13:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-03 23:14 - 2014-11-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-03 23:13 - 2014-11-03 13:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-03 23:13 - 2014-01-21 12:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-03 18:27 - 2013-09-30 13:55 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Adobe
2014-12-02 13:01 - 2014-11-15 13:23 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-12-02 13:01 - 2014-09-28 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-12-02 13:01 - 2013-09-17 14:38 - 00289014 _____ () C:\Windows\DPINST.LOG
2014-12-02 13:00 - 2013-09-17 21:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 00:11 - 2014-11-27 19:43 - 00000000 ____D () C:\Users\niki\AppData\Roaming\fotoCharlyBestellsoftware
2014-12-01 23:27 - 2013-10-23 21:50 - 00000000 ____D () C:\ProgramData\Adobe

Some content of TEMP:
====================
C:\Users\niki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6rzi65.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 14:54

==================== End Of Log ============================
--- --- ---


Danke ;-)
MfG

schrauber 31.12.2014 14:50
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
S2 privacyrubyBckp.exe; C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.

niko laus 31.12.2014 15:46
hallo,

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by niki at 2014-12-31 15:42:14 Run:3
Running from C:\Users\niki\Downloads
Loaded Profile: niki (Available profiles: niki)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56075;https=127.0.0.1:56075
S2 privacyrubyBckp.exe; C:\Users\niki\AppData\Local\privacyrubyBckp\privacyrubyBckp.exe [X]
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
privacyrubyBckp.exe => Service not found.

==== End of Fixlog 15:42:14 ====


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by niki (administrator) on NIKI-PC on 31-12-2014 15:42:25
Running from C:\Users\niki\Downloads
Loaded Profile: niki (Available profiles: niki)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Dropbox, Inc.) C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371896 2012-05-23] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-15] (Sony)
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\...\Run: [GoogleChromeAutoLaunch_C8351AB8DC5F81FCC2E6ECC2DCBF253C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
AppInit_DLLs-x32: c:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-05-23] (Citrix Systems, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\niki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3543611772-1706178384-50430059-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-AT&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.google.com&OSP=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEB9455D2-AB5B-47BB-BF9B-73864E11D0B5&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3543611772-1706178384-50430059-1000 -> {54C23A79-90E0-473C-B392-F0789B7170A7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957
FF Homepage: www.orf.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Users\niki\AppData\Roaming\Mozilla\Firefox\Profiles\oy1et1va.default-1412713448957\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M6D5A8316-A292-439D-AE69-FC6F76933AE9&SearchSource=55&CUI=&UM=6&UP=SP6F7C34BB-0232-4423-82D0-DFBE3AAB5B94&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.at/", "hxxp://www.mystartsearch.com/?type=hp&ts=1419006484&from=wpc&uid=HGSTXHTS725050A7E630_TF755BWHKKEVWSKKEVWSX", "hxxp://www/"
CHR Profile: C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-30]
CHR Extension: (Google Drive) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-30]
CHR Extension: (YouTube) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-30]
CHR Extension: (Avast SafePrice) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-30]
CHR Extension: (Avast Online Security) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-30]
CHR Extension: (Google Wallet) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-30]
CHR Extension: (Google Mail) - C:\Users\niki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-22] (Avast Software)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-09-17] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-28] (Sony Mobile Communications)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-22] (Avast Software)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 15:36 - 2014-12-31 15:36 - 00000197 _____ () C:\Windows\system32\2014-12-31-14-36-47.013-AvastVBoxSVC.exe-6048.log
2014-12-31 11:38 - 2014-12-31 11:38 - 00000197 _____ () C:\Windows\system32\2014-12-31-10-38-11.093-AvastVBoxSVC.exe-7024.log
2014-12-30 16:33 - 2014-12-30 16:33 - 00000000 ____D () C:\Program Files\Common Files\SYSTEM
2014-12-30 15:34 - 2014-12-30 15:34 - 00000197 _____ () C:\Windows\system32\2014-12-30-14-34-55.006-AvastVBoxSVC.exe-4620.log
2014-12-30 15:27 - 2014-12-31 15:42 - 00000000 ____D () C:\FRST
2014-12-30 15:26 - 2014-12-30 15:27 - 00003934 _____ () C:\Users\niki\Desktop\Fixlist.txt
2014-12-30 15:18 - 2014-12-30 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-30 15:17 - 2014-12-30 15:17 - 00880784 _____ (Google Inc.) C:\Users\niki\Downloads\ChromeSetup.exe
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 __SHD () C:\Users\niki\AppData\Local\EmieUserList
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 __SHD () C:\Users\niki\AppData\Local\EmieSiteList
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 __SHD () C:\Users\niki\AppData\Local\EmieBrowserModeList
2014-12-30 15:02 - 2014-12-30 15:02 - 00000197 _____ () C:\Windows\system32\2014-12-30-14-02-44.090-AvastVBoxSVC.exe-3368.log
2014-12-30 12:34 - 2014-12-30 12:35 - 00000197 _____ () C:\Windows\system32\2014-12-30-11-34-47.045-AvastVBoxSVC.exe-6432.log
2014-12-29 13:39 - 2014-12-29 13:39 - 00000000 ____D () C:\Users\niki\Downloads\FRST-OlderVersion
2014-12-29 13:37 - 2014-12-29 13:37 - 00001133 _____ () C:\Users\niki\Desktop\checkup.txt
2014-12-29 13:26 - 2014-12-29 13:26 - 00852505 _____ () C:\Users\niki\Downloads\SecurityCheck.exe
2014-12-29 10:26 - 2014-12-31 15:35 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-12-29 09:42 - 2014-12-29 09:42 - 00000197 _____ () C:\Windows\system32\2014-12-29-08-42-07.084-AvastVBoxSVC.exe-5148.log
2014-12-29 02:07 - 2014-12-29 02:07 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-07-08.043-AvastVBoxSVC.exe-2280.log
2014-12-28 16:57 - 2014-12-28 16:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-28 16:56 - 2014-12-28 16:56 - 02347384 _____ (ESET) C:\Users\niki\Downloads\esetsmartinstaller_deu.exe
2014-12-28 16:49 - 2014-12-28 16:49 - 00000197 _____ () C:\Windows\system32\2014-12-28-15-49-20.079-AvastVBoxSVC.exe-4444.log
2014-12-25 21:54 - 2014-12-25 21:55 - 00000197 _____ () C:\Windows\system32\2014-12-25-20-54-33.079-AvastVBoxSVC.exe-7132.log
2014-12-25 11:58 - 2014-12-31 15:42 - 00028246 _____ () C:\Users\niki\Downloads\FRST.txt
2014-12-25 11:58 - 2014-12-25 11:59 - 00028728 _____ () C:\Users\niki\Downloads\Addition.txt
2014-12-25 11:57 - 2014-12-29 13:39 - 02123264 _____ (Farbar) C:\Users\niki\Downloads\FRST64.exe
2014-12-25 11:46 - 2014-12-25 11:46 - 00001141 _____ () C:\Users\niki\Desktop\JRT.txt
2014-12-25 11:39 - 2014-12-25 11:39 - 00000000 ____D () C:\Windows\ERUNT
2014-12-25 11:38 - 2014-12-25 11:38 - 00010383 _____ () C:\Users\niki\Desktop\AdwCleaner[S1].txt
2014-12-25 11:35 - 2014-12-25 11:35 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-35-34.031-AvastVBoxSVC.exe-6792.log
2014-12-25 11:26 - 2014-12-25 11:26 - 00022185 _____ () C:\Users\niki\Desktop\mbam.txt
2014-12-25 11:20 - 2014-12-25 11:21 - 01707646 _____ (Thisisu) C:\Users\niki\Downloads\JRT.exe
2014-12-25 11:19 - 2014-12-25 11:19 - 00000793 _____ () C:\Users\niki\Desktop\Adware Cleaner.lnk
2014-12-25 11:18 - 2014-12-25 11:19 - 02173952 _____ () C:\Users\niki\Downloads\AdwCleaner_4.106.exe
2014-12-25 11:12 - 2014-12-25 11:12 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 11:11 - 2014-12-25 11:11 - 00000197 _____ () C:\Windows\system32\2014-12-25-10-11-25.044-AvastVBoxSVC.exe-6628.log
2014-12-24 01:12 - 2014-12-24 01:12 - 00000197 _____ () C:\Windows\system32\2014-12-24-00-12-00.009-AvastVBoxSVC.exe-4804.log
2014-12-24 00:52 - 2014-12-31 15:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 00:50 - 2014-12-24 00:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028(1).exe
2014-12-24 00:50 - 2014-12-24 00:50 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-12-24 00:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 00:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-24 00:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-24 00:45 - 2014-12-24 00:46 - 00000197 _____ () C:\Windows\system32\2014-12-23-23-45-58.009-AvastVBoxSVC.exe-2284.log
2014-12-23 13:54 - 2014-12-23 13:54 - 00000197 _____ () C:\Windows\system32\2014-12-23-12-54-35.069-AvastVBoxSVC.exe-5060.log
2014-12-23 10:25 - 2014-12-23 10:26 - 00000197 _____ () C:\Windows\system32\2014-12-23-09-25-48.008-AvastVBoxSVC.exe-2544.log
2014-12-23 01:50 - 2014-12-23 01:50 - 00000197 _____ () C:\Windows\system32\2014-12-23-00-50-19.037-AvastVBoxSVC.exe-4204.log
2014-12-23 01:49 - 2014-12-23 01:49 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-12-23 01:29 - 2014-12-23 01:34 - 00000000 ____D () C:\Users\niki\Downloads
2014-12-23 01:07 - 2014-12-23 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 01:05 - 2014-12-23 01:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\niki\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-23 01:03 - 2014-12-23 01:03 - 02173952 _____ () C:\Users\niki\Downloads\Adwcleaner.exe
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\Users\niki\Desktop\combofix.txt
2014-12-23 00:59 - 2014-12-23 00:59 - 00045264 _____ () C:\ComboFix.txt
2014-12-23 00:54 - 2014-12-23 00:55 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-54-55.009-AvastVBoxSVC.exe-3808.log
2014-12-23 00:34 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-23 00:34 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-23 00:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-23 00:34 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-23 00:26 - 2014-12-23 00:59 - 00000000 ____D () C:\Qoobox
2014-12-23 00:25 - 2014-12-23 00:56 - 00000000 ____D () C:\Windows\erdnt
2014-12-23 00:24 - 2014-12-23 00:24 - 05601641 ____R (Swearware) C:\Users\niki\Desktop\ComboFix.exe
2014-12-23 00:20 - 2014-12-23 00:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-23-20-56.000-AvastVBoxSVC.exe-5036.log
2014-12-22 23:42 - 2014-12-22 23:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\niki\Downloads\revosetup95.exe
2014-12-22 23:42 - 2014-12-22 23:42 - 00001266 _____ () C:\Users\niki\Desktop\Revo Uninstaller.lnk
2014-12-22 23:42 - 2014-12-22 23:42 - 00000197 _____ () C:\Windows\system32\2014-12-22-22-42-15.013-AvastVBoxSVC.exe-6580.log
2014-12-22 23:42 - 2014-12-22 23:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-22 21:45 - 2014-12-22 21:45 - 00002994 _____ () C:\Windows\System32\Tasks\{091C3AE4-4A64-4D2A-B31B-001F94FDC6A5}
2014-12-22 21:43 - 2014-12-22 21:43 - 00002994 _____ () C:\Windows\System32\Tasks\{388D4750-7C5F-4043-82A8-FE25657BA4E2}
2014-12-22 21:42 - 2014-12-22 21:42 - 00002994 _____ () C:\Windows\System32\Tasks\{06D9274E-2A91-479A-B77F-073D0CA62E8C}
2014-12-22 20:56 - 2014-12-22 20:56 - 05601641 _____ (Swearware) C:\Users\niki\Downloads\ComboFix.exe
2014-12-22 20:26 - 2014-12-22 20:26 - 00104857 _____ () C:\Users\niki\Desktop\gmer.txt
2014-12-22 20:16 - 2014-12-22 20:16 - 00380416 _____ () C:\Users\niki\Downloads\Gmer-19357.exe
2014-12-22 20:14 - 2014-12-22 20:14 - 00000470 _____ () C:\Users\niki\Downloads\defogger_disable.log
2014-12-22 20:14 - 2014-12-22 20:14 - 00000000 _____ () C:\Users\niki\defogger_reenable
2014-12-22 20:13 - 2014-12-22 20:13 - 00050477 _____ () C:\Users\niki\Downloads\Defogger.exe
2014-12-22 20:04 - 2014-12-22 20:04 - 00000197 _____ () C:\Windows\system32\2014-12-22-19-04-13.093-AvastVBoxSVC.exe-6652.log
2014-12-22 19:28 - 2014-12-22 19:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-28-22.005-AvastVBoxSVC.exe-5540.log
2014-12-22 19:26 - 2014-12-30 15:25 - 00000000 ____D () C:\Users\niki\Desktop\FRST
2014-12-22 19:16 - 2014-12-22 19:16 - 00000197 _____ () C:\Windows\system32\2014-12-22-18-16-36.048-AvastVBoxSVC.exe-6504.log
2014-12-22 16:18 - 2014-12-22 16:19 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-18-59.012-aswFe.exe-7420.log
2014-12-22 16:07 - 2014-12-22 16:18 - 00000247 _____ () C:\Windows\system32\2014-12-22-15-07-28.049-aswFe.exe-6208.log
2014-12-22 16:07 - 2014-12-22 16:07 - 00000197 _____ () C:\Windows\system32\2014-12-22-15-07-22.084-AvastVBoxSVC.exe-4212.log
2014-12-22 15:46 - 2014-12-22 15:46 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-46-02.063-aswFe.exe-1256.log
2014-12-22 15:45 - 2014-12-22 15:45 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-45-47.088-AvastVBoxSVC.exe-2912.log
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\e91ebb45-cfb2-49e2-b57a-d08f383054c5
2014-12-22 15:29 - 2014-12-23 00:43 - 00000000 ____D () C:\Program Files (x86)\bcfe1426-2038-4631-81a6-6e318fe3ee7e
2014-12-22 15:29 - 2014-12-22 15:29 - 00000247 _____ () C:\Windows\system32\2014-12-22-14-29-04.016-aswFe.exe-8556.log
2014-12-22 15:28 - 2014-12-22 15:29 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-22 15:28 - 2014-12-22 15:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-14-28-45.064-AvastVBoxSVC.exe-5512.log
2014-12-22 15:13 - 2014-12-22 15:13 - 00000000 ____D () C:\Users\niki\AppData\Roaming\AVAST Software
2014-12-22 15:12 - 2014-12-31 15:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-22 15:12 - 2014-12-22 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-22 15:12 - 2014-12-22 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-22 15:12 - 2014-12-22 15:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-22 15:12 - 2014-12-22 15:12 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-22 15:12 - 2014-12-22 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-22 15:11 - 2014-12-22 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-22 13:53 - 2014-12-22 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-22 13:50 - 2014-12-22 13:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-22 13:48 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:48 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-22 13:46 - 2014-12-22 13:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-12-22 13:43 - 2014-12-22 13:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-22 13:42 - 2014-12-22 13:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 __RHD () C:\MSOCache
2014-12-22 13:24 - 2014-12-22 13:24 - 00000000 ____D () C:\Users\niki\AppData\Local\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00002197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00002191 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\Program Files\WinZip
2014-12-22 13:02 - 2014-12-22 13:02 - 00000247 _____ () C:\Windows\system32\2014-12-22-12-02-23.023-aswFe.exe-4360.log
2014-12-22 12:52 - 2014-12-22 13:01 - 00000247 _____ () C:\Windows\system32\2014-12-22-11-52-54.069-aswFe.exe-4060.log
2014-12-22 12:52 - 2014-12-22 12:52 - 00000197 _____ () C:\Windows\system32\2014-12-22-11-52-44.044-AvastVBoxSVC.exe-4420.log
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-22 12:38 - 2014-12-22 12:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-22 12:30 - 2014-12-22 15:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-22 11:45 - 2014-12-22 11:45 - 00000000 ____D () C:\Bak
2014-12-20 17:52 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141220-175253.backup
2014-12-20 17:41 - 2014-12-23 00:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 17:41 - 2014-12-23 00:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 17:41 - 2014-12-20 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-19 17:25 - 2014-12-29 09:58 - 00000000 ____D () C:\Program Files (x86)\BuyNsaave
2014-12-18 13:41 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 13:41 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:14 - 2014-12-17 08:14 - 00000000 ____D () C:\Users\niki\Documents\Bluetooth-Exchange-Ordner
2014-12-16 21:45 - 2014-12-31 12:03 - 00000000 ____D () C:\Users\niki\Documents\Outlook-Dateien
2014-12-14 22:06 - 2014-12-23 01:31 - 00000000 ____D () C:\Users\niki\AppData\Roaming
2014-12-10 22:56 - 2014-12-10 22:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 22:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 22:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 22:05 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 22:05 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 22:05 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 22:05 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 22:05 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 22:05 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 22:05 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 22:05 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 22:05 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 22:05 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 22:05 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 22:05 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 22:05 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 22:05 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 22:05 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 22:05 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 22:05 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 22:05 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 22:05 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 22:05 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 22:05 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 22:05 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 22:05 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 22:05 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 22:05 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 22:05 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 22:05 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 22:05 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 22:05 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 22:05 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 22:05 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 22:05 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 22:05 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 22:05 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 22:05 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 22:05 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 22:05 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 22:05 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 22:05 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 22:05 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:05 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 22:04 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 22:04 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 22:04 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 22:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 22:04 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 22:04 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 22:04 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 22:04 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 19:56 - 2014-12-09 19:56 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 19:27 - 2014-12-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 11:24 - 2014-12-04 13:32 - 00001064 _____ () C:\Users\niki\Desktop\Adobe Bridge CC (64bit).lnk
2014-12-03 18:27 - 2014-12-16 21:39 - 00000000 ____D () C:\Users\niki\Documents\Adobe
2014-12-03 10:58 - 2014-12-03 10:58 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-12-03 10:23 - 2014-12-03 10:23 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-niki-PC-niki
2014-12-03 10:23 - 2014-12-03 10:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\PDAppFlex
2014-12-01 23:33 - 2014-12-20 17:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-01 23:27 - 2014-12-20 17:57 - 00000000 ____D () C:\Program Files\Adobe
2014-12-01 23:22 - 2014-12-03 10:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-01 23:17 - 2014-12-01 23:17 - 00000000 ___RD () C:\Users\niki\Creative Cloud Files
2014-12-01 23:14 - 2014-12-01 23:23 - 00000000 ____D () C:\ProgramData\Package Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 15:41 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 15:41 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 15:35 - 2014-01-28 23:19 - 00000000 ___RD () C:\Users\niki\Dropbox
2014-12-31 15:35 - 2014-01-28 23:17 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Dropbox
2014-12-31 15:33 - 2013-10-23 21:49 - 00000000 ____D () C:\Users\niki\AppData\Local\Adobe
2014-12-31 15:33 - 2013-10-01 22:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 15:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 15:32 - 2009-07-14 05:51 - 00108466 _____ () C:\Windows\setupact.log
2014-12-31 12:04 - 2013-09-17 21:42 - 01283971 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 11:56 - 2013-09-17 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 11:40 - 2013-10-23 21:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-31 11:40 - 2013-09-30 13:55 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Adobe
2014-12-30 16:33 - 2013-09-30 15:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-30 16:33 - 2009-07-14 03:34 - 00000612 _____ () C:\Windows\win.ini
2014-12-30 15:55 - 2010-11-21 07:50 - 00702890 _____ () C:\Windows\system32\perfh007.dat
2014-12-30 15:55 - 2010-11-21 07:50 - 00150498 _____ () C:\Windows\system32\perfc007.dat
2014-12-30 15:55 - 2009-07-14 06:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 15:31 - 2010-11-21 04:47 - 00680818 _____ () C:\Windows\PFRO.log
2014-12-30 15:18 - 2013-10-01 22:18 - 00000000 ____D () C:\Users\niki\AppData\Local\Google
2014-12-30 15:18 - 2013-10-01 22:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 15:12 - 2013-09-17 22:15 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-30 15:12 - 2013-09-17 21:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 15:12 - 2013-09-17 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 15:12 - 2013-09-17 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-25 11:29 - 2014-10-07 21:37 - 00000000 ____D () C:\AdwCleaner
2014-12-24 01:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2014-12-23 00:59 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-23 00:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-23 00:43 - 2014-04-27 11:35 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-12-22 23:38 - 2013-09-30 13:55 - 00111936 _____ () C:\Users\niki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 23:37 - 2009-07-14 05:45 - 00437640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-22 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-22 20:14 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki
2014-12-22 15:28 - 2013-10-31 17:06 - 00000000 ____D () C:\Users\niki\AppData\Local\CrashDumps
2014-12-22 15:21 - 2013-11-05 21:21 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-22 13:51 - 2010-11-21 08:00 - 00000000 ____D () C:\Windows\ShellNew
2014-12-22 13:32 - 2013-09-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-22 13:32 - 2013-09-17 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-22 12:52 - 2013-09-30 13:54 - 00000000 ____D () C:\Users\niki\AppData\Local\VirtualStore
2014-12-22 11:57 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-16 21:46 - 2013-12-03 13:10 - 00000000 ____D () C:\Users\niki\Documents\Privat
2014-12-16 21:39 - 2013-10-02 17:03 - 00000000 ____D () C:\Users\niki\Documents\Diverses
2014-12-16 21:37 - 2013-10-13 15:35 - 00000000 ____D () C:\Users\niki\Documents\Medizin
2014-12-16 10:52 - 2013-10-01 22:23 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Skype
2014-12-16 10:51 - 2014-09-22 22:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 10:51 - 2013-10-01 22:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 21:03 - 2014-01-28 23:18 - 00000000 ____D () C:\Users\niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 22:57 - 2013-10-13 19:33 - 00000000 ____D () C:\Users\niki\AppData\Roaming\vlc
2014-12-11 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:56 - 2014-05-06 17:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 22:54 - 2013-09-30 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:51 - 2013-09-30 14:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 21:55 - 2013-10-01 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 09:14 - 2013-10-23 21:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-03 23:14 - 2014-11-03 13:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-03 23:14 - 2014-11-03 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-03 23:13 - 2014-11-03 13:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-03 23:13 - 2014-01-21 12:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-02 13:01 - 2014-11-15 13:23 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-12-02 13:01 - 2014-09-28 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-12-02 13:01 - 2013-09-17 14:38 - 00289014 _____ () C:\Windows\DPINST.LOG
2014-12-02 13:00 - 2013-09-17 21:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 00:11 - 2014-11-27 19:43 - 00000000 ____D () C:\Users\niki\AppData\Roaming\fotoCharlyBestellsoftware
2014-12-01 23:27 - 2013-10-23 21:50 - 00000000 ____D () C:\ProgramData\Adobe

Some content of TEMP:
====================
C:\Users\niki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx_yxdr.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 14:54

==================== End Of Log ============================
--- --- ---


Besten Dank, und guten Rutsch ins neue Jahr ;-)

MfG

schrauber 31.12.2014 18:26
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

niko laus 04.01.2015 11:33
Hallo,

Vielen Dank für deine Hilfe!!!! Es funktioniert jetzt alles wieder einwandfrei!! ;-)

Danke! ;-)

mfg

schrauber 04.01.2015 14:49
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58