AdwCleaner Logfile:
# AdwCleaner v4.107 - Bericht erstellt am 15/01/2015 um 22:40:41
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : RAaM2 - RAINER-PC
# Gestartet von : C:\Users\RAaM2\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : yewimmxqbs32
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Program Files\RrFilter
Ordner Gelöscht : C:\Program Files\VideoConverter
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\RAaM2\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\RAaM2\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Windows Net Data
[!] Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd
Ordner Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\BabMaint.exe
Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
***** [ Tasks ] *****
Task Gelöscht : BitGuard
Task Gelöscht : EPUpdater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ClickPotatoLite@ClickPotatoLite.com]
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKCU\Software\9edf8cb23cb943
Schlüssel Gelöscht : HKLM\SOFTWARE\9edf8cb23cb943
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D2083641-E57F-4EAB-BB85-0582424F4A29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\clickpotatolitesa
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MGShareware
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\ClickPotatoLite
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\SOFTWARE\MGShareware
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\RrSavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v12.0 (de)
[vs2ls8wg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledItems", "{3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1,vshare@toolbar:1.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17");
[vs2ls8wg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false);
-\\ Google Chrome v
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1402593230&from=wpm0612&uid=ST320LT012-1DG14C_W3P2NVM1XXXXW3P2NVM1&q={searchTerms}
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
-\\ Opera v0.0.0.0
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1402593230&from=wpm0612&uid=ST320LT012-1DG14C_W3P2NVM1XXXXW3P2NVM1&q={searchTerms}
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
*************************
AdwCleaner[R0].txt - [8946 octets] - [15/01/2015 22:32:26]
AdwCleaner[S0].txt - [9112 octets] - [15/01/2015 22:40:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9172 octets] ##########
JRT Logfile:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by RAaM2 on 15.01.2015 at 22:57:15,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\freerip3"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
~~~ FireFox
Successfully deleted the following from C:\Users\RAaM2\AppData\Roaming\mozilla\firefox\profiles\vs2ls8wg.default\prefs.js
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2015 at 23:00:17,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- --- ---
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by RAaM2 (administrator) on RAINER-PC on 15-01-2015 23:02:06
Running from C:\Users\RAaM2\Desktop
Loaded Profiles: RAaM2 (Available profiles: RAaM2 & Sarah & Christa & Gast)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Windows\System32\UMonit.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-11-27] (Google Inc.)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-09-13] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [UMonit] => C:\Windows\system32\UMonit.exe [200704 2007-06-18] ()
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Path] => C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe [1989632 2012-06-08] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-27] (Google Inc.)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [Google Update] => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [SkyDrive] => C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MountPoints2: {46bb24e7-c704-11e2-bb50-4061864d3aa8} - F:\setup_vmb_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> DefaultScope {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {16639E9F-A73B-4829-BF1B-C8E7FA2A33A7} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {17E5117F-F86D-40CA-B89B-2C5B34D78C4B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearch-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {2BE66F85-635A-44FC-96C2-6CF411D6FAFE} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {7616FC6D-7F42-41D3-8FAA-C4F318003C6D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {945F02B5-2F33-4B96-8841-835C510EC8C2} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {A8A65AC0-056A-4CEE-9936-3FE3098CF4EA} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BC87AC6A-4758-4D2A-94EC-84CD4274D282} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BCB7F24B-F6E1-4BB1-BE9E-BF32BFE7DEA4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {D691082F-E5F2-40CE-8941-3106EBE25670} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {EFDAAA28-5D6C-40C3-80EF-43B71364A10F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://eplace-eu.solvay.com/postauthACC/SodaAgent.CAB
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=3 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=9 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-27]
FF HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Profile: C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DER SPIEGEL) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpbllkmchckcndlogpofcepplhndlg [2012-11-16]
CHR Extension: (Google Drive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Cast) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-20]
CHR Extension: (Adblock Plus) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (TuneIn: Listen to Online Radio, Music and Talk Stations) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblgfaikinhoidnoieheigjobmlkhcjc [2013-06-30]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-05-27]
CHR Extension: (Google News) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-01-10]
CHR Extension: (Simple Google bookmarks) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobhkcpfdpfhghdmiecokllfjiemfmgm [2012-10-22]
CHR Extension: (Cut the Rope) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-12-31]
CHR Extension: (Dropbox) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-04-05]
CHR Extension: (SoundCloud) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-04-06]
CHR Extension: (Scratchpad) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm [2012-11-16]
CHR Extension: (Super Mario Flash 2 Spiel) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\knbkkfblonehbjjkdfiejflknbokmame [2013-09-23]
CHR Extension: (Google Play) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2012-12-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10]
CHR Extension: (Google Maps) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-10]
CHR Extension: (OneDrive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-04-03]
CHR Extension: (LocalChromecast Player) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-11-24]
CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2013-10-05]
CHR Extension: (Wetter) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2013-01-10]
CHR Extension: (Google Mail) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR StartMenuInternet: Google Chrome - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] () [File not signed]
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220128 2009-11-12] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed]
S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Verifies and fixes application compatibility issues; C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 DIGIFW; C:\Windows\System32\DRIVERS\digifw.sys [167952 2010-10-23] (Avid Technology, Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [32736 2009-11-12] (Macrium Software)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [15328 2008-05-20] (Macrium Software)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.)
R3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2010-06-09] (Trident Microsystems, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [38016 2011-02-18] (ZOOM)
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Vimicro Corporation)
S1 muhilvre; \??\C:\Windows\system32\drivers\muhilvre.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S2 WiseFS; \??\H:\Folders\Software\WFH\Wise Folder Hider\WiseFs32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 23:00 - 2015-01-15 23:00 - 00002551 _____ () C:\Users\RAaM2\Desktop\JRT.txt
2015-01-15 22:57 - 2015-01-15 22:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 22:49 - 2015-01-15 22:49 - 00000562 _____ () C:\Windows\PFRO.log
2015-01-15 22:32 - 2015-01-15 22:46 - 00000000 ____D () C:\AdwCleaner
2015-01-15 22:29 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Desktop\AdwCleaner_4.107.exe
2015-01-15 22:29 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Desktop\JRT.exe
2015-01-15 22:28 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Downloads\JRT.exe
2015-01-15 22:27 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Downloads\AdwCleaner_4.107.exe
2015-01-15 21:21 - 2015-01-15 23:02 - 00034373 _____ () C:\Users\RAaM2\Desktop\FRST.txt
2015-01-15 21:21 - 2015-01-15 21:22 - 00070384 _____ () C:\Users\RAaM2\Desktop\Addition.txt
2015-01-15 21:20 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Downloads\FRST.exe
2015-01-15 21:10 - 2015-01-15 23:02 - 00000000 ____D () C:\FRST
2015-01-15 21:08 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Desktop\FRST.exe
2015-01-15 18:11 - 2015-01-15 21:05 - 00001287 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_181146.html
2015-01-15 17:30 - 2015-01-15 22:49 - 00001033 _____ () C:\Windows\setupact.log
2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 16:45 - 2015-01-15 14:05 - 04188536 _____ (Piriform Ltd) C:\Users\RAaM2\Downloads\ccsetup501_slim.exe
2015-01-15 16:43 - 2015-01-15 21:09 - 00000114 ___RH () C:\Users\RAaM2\Downloads\Stinger.opt
2015-01-15 13:32 - 2015-01-15 13:32 - 00014029 _____ () C:\Users\RAaM2\Downloads\hijackthis.log
2015-01-15 13:22 - 2015-01-15 13:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\RAaM2\Downloads\HiJackThis204.exe
2015-01-15 13:13 - 2015-01-15 13:13 - 00000000 ____D () C:\Quarantine
2015-01-15 13:07 - 2015-01-15 16:38 - 00001073 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_130717.html
2015-01-15 13:06 - 2015-01-15 21:09 - 00000000 ____D () C:\Program Files\stinger
2015-01-15 13:00 - 2015-01-15 13:04 - 11165552 _____ (McAfee Inc) C:\Users\RAaM2\Downloads\stinger32.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:27 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:26 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:17 - 2015-01-15 22:49 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier
2015-01-13 20:08 - 2015-01-15 22:30 - 00000112 _____ () C:\ProgramData\W4Gisl.dat
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-01 18:05 - 2014-10-13 06:57 - 00184192 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-01 18:05 - 2014-10-13 06:57 - 00089856 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudbus.sys
2014-12-28 19:40 - 2014-12-28 19:40 - 00001221 _____ () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayIt!.lnk
2014-12-28 19:39 - 2014-12-28 19:39 - 00000000 ____D () C:\Program Files\trayit_4_6_5_5
2014-12-28 19:35 - 2014-12-28 19:35 - 00000000 ____D () C:\Users\RAaM2\Downloads\nw_7668_trayitzip
2014-12-28 19:33 - 2014-12-28 19:33 - 00335253 _____ () C:\Users\RAaM2\Downloads\nw_7668_trayitzip.zip
2014-12-19 15:21 - 2014-12-19 15:21 - 04330507 _____ () C:\Users\RAaM2\Downloads\Tip0000-Download-Paket-Demo.zip
2014-12-18 12:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 22:51 - 2013-04-05 19:39 - 00000000 ___RD () C:\Users\RAaM2\Dropbox
2015-01-15 22:51 - 2013-04-05 19:34 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Dropbox
2015-01-15 22:51 - 2013-04-03 15:10 - 00000000 ___RD () C:\Users\RAaM2\SkyDrive
2015-01-15 22:50 - 2014-07-14 18:35 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-01-15 22:50 - 2013-01-26 20:32 - 00000000 ___RD () C:\Users\RAaM2\Google Drive
2015-01-15 22:50 - 2010-02-15 22:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 22:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 22:48 - 2009-11-27 21:31 - 01107954 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 22:41 - 2013-04-10 10:55 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-15 22:36 - 2013-10-04 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 22:36 - 2010-02-15 22:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 22:15 - 2011-07-22 21:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job
2015-01-15 21:11 - 2014-01-02 12:16 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition
2015-01-15 17:14 - 2010-05-09 20:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 17:11 - 2013-08-15 23:30 - 00000000 ____D () C:\Users\RAaM2\Desktop\Tools
2015-01-15 16:47 - 2014-01-29 13:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 12:15 - 2011-07-22 21:58 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job
2015-01-14 18:36 - 2012-10-24 17:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 18:36 - 2011-05-16 12:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 17:12 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:45 - 2009-09-24 16:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 15:36 - 2009-11-27 21:31 - 00000000 ____D () C:\Users\RAaM2
2015-01-14 15:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-14 15:34 - 2014-10-10 17:19 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Telegram Win (Unofficial)
2015-01-14 15:34 - 2013-08-15 23:28 - 00000000 ____D () C:\Users\RAaM2\Desktop\Handy
2015-01-14 15:34 - 2013-07-03 14:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 15:34 - 2012-03-10 15:38 - 00000000 ____D () C:\Users\Sarah
2015-01-14 15:34 - 2010-10-24 13:21 - 00000000 ____D () C:\Users\Christa
2015-01-14 15:34 - 2010-07-10 16:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-14 15:34 - 2010-01-16 12:23 - 00000000 ____D () C:\Users\Gast
2015-01-14 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-14 15:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 15:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-13 22:45 - 2009-09-24 15:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 17:15 - 2009-12-05 20:19 - 00000404 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2015-01-01 14:41 - 2013-11-12 23:15 - 00000000 ____D () C:\Users\RAaM2\Documents\SelfMV
2014-12-31 12:13 - 2009-10-05 17:03 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-23 19:41 - 2012-08-03 16:13 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Skype
2014-12-22 21:22 - 2014-10-22 14:02 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 21:22 - 2012-08-03 16:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:25 - 2009-12-05 01:01 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\vlc
2014-12-17 21:27 - 2009-12-02 23:08 - 00002648 _____ () C:\Users\RAaM2\AppData\Roaming\wklnhst.dat
2014-12-17 17:45 - 2013-04-05 19:36 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
Files to move or delete:
====================
C:\ProgramData\W4Gisl.dat
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\{7815BC09-5CB0-49E5-B205-E2E29FD09BC9}-21.0.1180.60_chrome_installer.exe
C:\Users\RAaM2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpawoxya.dll
C:\Users\RAaM2\AppData\Local\Temp\Quarantine.exe
C:\Users\RAaM2\AppData\Local\Temp\repair4.exe
C:\Users\RAaM2\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-10-31 09:04
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by RAaM2 (administrator) on RAINER-PC on 15-01-2015 23:02:06
Running from C:\Users\RAaM2\Desktop
Loaded Profiles: RAaM2 (Available profiles: RAaM2 & Sarah & Christa & Gast)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Windows\System32\UMonit.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-11-27] (Google Inc.)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-09-13] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [UMonit] => C:\Windows\system32\UMonit.exe [200704 2007-06-18] ()
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Path] => C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe [1989632 2012-06-08] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-27] (Google Inc.)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [Google Update] => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [SkyDrive] => C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MountPoints2: {46bb24e7-c704-11e2-bb50-4061864d3aa8} - F:\setup_vmb_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> DefaultScope {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {16639E9F-A73B-4829-BF1B-C8E7FA2A33A7} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {17E5117F-F86D-40CA-B89B-2C5B34D78C4B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearch-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {2BE66F85-635A-44FC-96C2-6CF411D6FAFE} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {7616FC6D-7F42-41D3-8FAA-C4F318003C6D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {945F02B5-2F33-4B96-8841-835C510EC8C2} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {A8A65AC0-056A-4CEE-9936-3FE3098CF4EA} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BC87AC6A-4758-4D2A-94EC-84CD4274D282} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BCB7F24B-F6E1-4BB1-BE9E-BF32BFE7DEA4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {D691082F-E5F2-40CE-8941-3106EBE25670} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {EFDAAA28-5D6C-40C3-80EF-43B71364A10F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://eplace-eu.solvay.com/postauthACC/SodaAgent.CAB
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=3 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=9 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-27]
FF HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Profile: C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DER SPIEGEL) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpbllkmchckcndlogpofcepplhndlg [2012-11-16]
CHR Extension: (Google Drive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Cast) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-20]
CHR Extension: (Adblock Plus) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (TuneIn: Listen to Online Radio, Music and Talk Stations) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblgfaikinhoidnoieheigjobmlkhcjc [2013-06-30]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-05-27]
CHR Extension: (Google News) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-01-10]
CHR Extension: (Simple Google bookmarks) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobhkcpfdpfhghdmiecokllfjiemfmgm [2012-10-22]
CHR Extension: (Cut the Rope) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-12-31]
CHR Extension: (Dropbox) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-04-05]
CHR Extension: (SoundCloud) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-04-06]
CHR Extension: (Scratchpad) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm [2012-11-16]
CHR Extension: (Super Mario Flash 2 Spiel) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\knbkkfblonehbjjkdfiejflknbokmame [2013-09-23]
CHR Extension: (Google Play) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2012-12-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10]
CHR Extension: (Google Maps) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-10]
CHR Extension: (OneDrive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-04-03]
CHR Extension: (LocalChromecast Player) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-11-24]
CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2013-10-05]
CHR Extension: (Wetter) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2013-01-10]
CHR Extension: (Google Mail) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR StartMenuInternet: Google Chrome - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] () [File not signed]
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220128 2009-11-12] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed]
S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Verifies and fixes application compatibility issues; C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 DIGIFW; C:\Windows\System32\DRIVERS\digifw.sys [167952 2010-10-23] (Avid Technology, Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [32736 2009-11-12] (Macrium Software)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [15328 2008-05-20] (Macrium Software)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.)
R3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2010-06-09] (Trident Microsystems, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [38016 2011-02-18] (ZOOM)
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Vimicro Corporation)
S1 muhilvre; \??\C:\Windows\system32\drivers\muhilvre.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S2 WiseFS; \??\H:\Folders\Software\WFH\Wise Folder Hider\WiseFs32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 23:00 - 2015-01-15 23:00 - 00002551 _____ () C:\Users\RAaM2\Desktop\JRT.txt
2015-01-15 22:57 - 2015-01-15 22:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 22:49 - 2015-01-15 22:49 - 00000562 _____ () C:\Windows\PFRO.log
2015-01-15 22:32 - 2015-01-15 22:46 - 00000000 ____D () C:\AdwCleaner
2015-01-15 22:29 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Desktop\AdwCleaner_4.107.exe
2015-01-15 22:29 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Desktop\JRT.exe
2015-01-15 22:28 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Downloads\JRT.exe
2015-01-15 22:27 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Downloads\AdwCleaner_4.107.exe
2015-01-15 21:21 - 2015-01-15 23:02 - 00034373 _____ () C:\Users\RAaM2\Desktop\FRST.txt
2015-01-15 21:21 - 2015-01-15 21:22 - 00070384 _____ () C:\Users\RAaM2\Desktop\Addition.txt
2015-01-15 21:20 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Downloads\FRST.exe
2015-01-15 21:10 - 2015-01-15 23:02 - 00000000 ____D () C:\FRST
2015-01-15 21:08 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Desktop\FRST.exe
2015-01-15 18:11 - 2015-01-15 21:05 - 00001287 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_181146.html
2015-01-15 17:30 - 2015-01-15 22:49 - 00001033 _____ () C:\Windows\setupact.log
2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 16:45 - 2015-01-15 14:05 - 04188536 _____ (Piriform Ltd) C:\Users\RAaM2\Downloads\ccsetup501_slim.exe
2015-01-15 16:43 - 2015-01-15 21:09 - 00000114 ___RH () C:\Users\RAaM2\Downloads\Stinger.opt
2015-01-15 13:32 - 2015-01-15 13:32 - 00014029 _____ () C:\Users\RAaM2\Downloads\hijackthis.log
2015-01-15 13:22 - 2015-01-15 13:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\RAaM2\Downloads\HiJackThis204.exe
2015-01-15 13:13 - 2015-01-15 13:13 - 00000000 ____D () C:\Quarantine
2015-01-15 13:07 - 2015-01-15 16:38 - 00001073 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_130717.html
2015-01-15 13:06 - 2015-01-15 21:09 - 00000000 ____D () C:\Program Files\stinger
2015-01-15 13:00 - 2015-01-15 13:04 - 11165552 _____ (McAfee Inc) C:\Users\RAaM2\Downloads\stinger32.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:27 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:26 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:17 - 2015-01-15 22:49 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier
2015-01-13 20:08 - 2015-01-15 22:30 - 00000112 _____ () C:\ProgramData\W4Gisl.dat
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-01 18:05 - 2014-10-13 06:57 - 00184192 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-01 18:05 - 2014-10-13 06:57 - 00089856 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudbus.sys
2014-12-28 19:40 - 2014-12-28 19:40 - 00001221 _____ () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayIt!.lnk
2014-12-28 19:39 - 2014-12-28 19:39 - 00000000 ____D () C:\Program Files\trayit_4_6_5_5
2014-12-28 19:35 - 2014-12-28 19:35 - 00000000 ____D () C:\Users\RAaM2\Downloads\nw_7668_trayitzip
2014-12-28 19:33 - 2014-12-28 19:33 - 00335253 _____ () C:\Users\RAaM2\Downloads\nw_7668_trayitzip.zip
2014-12-19 15:21 - 2014-12-19 15:21 - 04330507 _____ () C:\Users\RAaM2\Downloads\Tip0000-Download-Paket-Demo.zip
2014-12-18 12:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 22:51 - 2013-04-05 19:39 - 00000000 ___RD () C:\Users\RAaM2\Dropbox
2015-01-15 22:51 - 2013-04-05 19:34 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Dropbox
2015-01-15 22:51 - 2013-04-03 15:10 - 00000000 ___RD () C:\Users\RAaM2\SkyDrive
2015-01-15 22:50 - 2014-07-14 18:35 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-01-15 22:50 - 2013-01-26 20:32 - 00000000 ___RD () C:\Users\RAaM2\Google Drive
2015-01-15 22:50 - 2010-02-15 22:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 22:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 22:48 - 2009-11-27 21:31 - 01107954 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 22:41 - 2013-04-10 10:55 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-15 22:36 - 2013-10-04 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 22:36 - 2010-02-15 22:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 22:15 - 2011-07-22 21:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job
2015-01-15 21:11 - 2014-01-02 12:16 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition
2015-01-15 17:14 - 2010-05-09 20:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 17:11 - 2013-08-15 23:30 - 00000000 ____D () C:\Users\RAaM2\Desktop\Tools
2015-01-15 16:47 - 2014-01-29 13:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 12:15 - 2011-07-22 21:58 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job
2015-01-14 18:36 - 2012-10-24 17:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 18:36 - 2011-05-16 12:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 17:12 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:45 - 2009-09-24 16:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 15:36 - 2009-11-27 21:31 - 00000000 ____D () C:\Users\RAaM2
2015-01-14 15:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-14 15:34 - 2014-10-10 17:19 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Telegram Win (Unofficial)
2015-01-14 15:34 - 2013-08-15 23:28 - 00000000 ____D () C:\Users\RAaM2\Desktop\Handy
2015-01-14 15:34 - 2013-07-03 14:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 15:34 - 2012-03-10 15:38 - 00000000 ____D () C:\Users\Sarah
2015-01-14 15:34 - 2010-10-24 13:21 - 00000000 ____D () C:\Users\Christa
2015-01-14 15:34 - 2010-07-10 16:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-14 15:34 - 2010-01-16 12:23 - 00000000 ____D () C:\Users\Gast
2015-01-14 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-14 15:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 15:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-13 22:45 - 2009-09-24 15:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 17:15 - 2009-12-05 20:19 - 00000404 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2015-01-01 14:41 - 2013-11-12 23:15 - 00000000 ____D () C:\Users\RAaM2\Documents\SelfMV
2014-12-31 12:13 - 2009-10-05 17:03 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-23 19:41 - 2012-08-03 16:13 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Skype
2014-12-22 21:22 - 2014-10-22 14:02 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 21:22 - 2012-08-03 16:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:25 - 2009-12-05 01:01 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\vlc
2014-12-17 21:27 - 2009-12-02 23:08 - 00002648 _____ () C:\Users\RAaM2\AppData\Roaming\wklnhst.dat
2014-12-17 17:45 - 2013-04-05 19:36 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
Files to move or delete:
====================
C:\ProgramData\W4Gisl.dat
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\{7815BC09-5CB0-49E5-B205-E2E29FD09BC9}-21.0.1180.60_chrome_installer.exe
C:\Users\RAaM2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpawoxya.dll
C:\Users\RAaM2\AppData\Local\Temp\Quarantine.exe
C:\Users\RAaM2\AppData\Local\Temp\repair4.exe
C:\Users\RAaM2\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-10-31 09:04
==================== End Of Log ============================
Sorry, I uploaded FRST twice. Your board software said that I can only send a reply every 40 seconds. So I sent it again.
Hey cosinus. Is everything OK now? Then I would restart the PC once more.
And how can I tell whether db22.exe is still active?
For now, many thanks in the meantime!!!