Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox durch Werbung unbrauchbar, viele Internet Explorer Prozesse (https://www.trojaner-board.de/166232-firefox-werbung-unbrauchbar-viele-internet-explorer-prozesse.html)

NoMW! 18.04.2015 18:35
Firefox durch Werbung unbrauchbar, viele Internet Explorer Prozesse
 
Hallo,
ich habe auf meinem Laptop Windows 7 SP1

Es geht mir ähnlich wie fibi2222 in seinem Thread „Trotz Anti Maleware/Adware - Überflutung von Adware usw.“ und anderen. Anti-Malwareprogramme, wie : Spybot, Malewarebytes Antimalware, CCleaner usw. verhindern nicht, dass im firefox-Browser Werbefenster aufpoppen, der Tag mit einer neuen Adresse verlinkt wird oder ein neues Fenster geöffnet wird. Rücksetzung oder Neuinstallieren von firefox, deinstallieren von Programmen, Add ons löschen, usw. löste das Problem nicht

Es kommen Popups von Ads by name. Fenster von de.efix.com, offers.bycontext.com, mcafeestore.com, luu.lightquartrate.com und anderen werden geöffnet.
Zunächst ging das Arbeiten noch mit dem Internet Explorer bis der PC immer langsamer wurde. Im Tastmanager wird der prozess iexplorer *32 mehrfach neben einem Prozess iexplore gestartet.
Beim 1. Scan mit FRST64.exe blieb dieser mit „Getting Office Session error: 4131“ stecken. Der 2. Scan-Versuch war erfolgreich mit einer FRST.txt und einer Addition.txt.
Logfiles von Malewarebytes Antimalware (Testphase abgelaufen) finde ich nur als xml-Dateien.
Der McAffee-Virenscanner läuft auf dem Laptop (und die sind bei diesen Werbeattacken dabei!).
Wenn gewünscht, kann ich noch diverse Logfiles vom Spybot zur Verfügung stellen.

Ich hoffe sehr, dass mir geholfen werden kann.

Viele Grüße

McAffee kami_ODS.log:

Code:
10/3/2014        4:36:31 PM        Scan Started: 10/03/2014 04:36:31 PM

10/3/2014        4:55:40 PM        Total objects scanned: 7320

10/3/2014        4:55:40 PM        Objects detected: 0

10/3/2014        4:55:40 PM        Scan Done: 10/03/2014 04:55:40 PM

12/27/2014        3:22:36 PM        Scan Started: 12/27/2014 03:22:36 PM

12/27/2014        3:23:00 PM        Total objects scanned: 237

12/27/2014        3:23:00 PM        Objects detected: 0

12/27/2014        3:23:00 PM        Scan Done: 12/27/2014 03:23:00 PM

1/22/2015        6:49:49 PM        Scan Started: 01/22/2015 06:49:49 PM

1/22/2015        6:58:44 PM        Total objects scanned: 11323

1/22/2015        6:58:44 PM        Objects detected: 0

1/22/2015        6:58:44 PM        Scan Done: 01/22/2015 06:58:44 PM

4/2/2015        6:19:20 PM        Scan Started: 04/02/2015 06:19:20 PM

4/2/2015        6:51:09 PM        Total objects scanned: 9024

4/2/2015        6:51:09 PM        Objects detected: 0

4/2/2015        6:51:09 PM        Scan Done: 04/02/2015 06:51:09 PM

4/10/2015        1:44:00 AM        Scan Started: 04/10/2015 01:44:00 AM

4/10/2015        1:44:02 AM        Total objects scanned: 3

4/10/2015        1:44:02 AM        Objects detected: 0

4/10/2015        1:44:02 AM        Scan Done: 04/10/2015 01:44:02 AM
McAffee OAS.log:

Code:
7/10/2014        12:55:36 PM        "C:\Users\kami\Downloads\Setup.exe"        "SoftPulse"        "3"

7/10/2014        12:55:38 PM        "C:\Users\kami\Downloads\Setup(1).exe"        "CryptDomaIQ"        "3"

7/10/2014        12:55:38 PM        "C:\Users\kami\Downloads\Setup(2).exe"        "SoftPulse"        "3"

7/10/2014        12:55:40 PM        "C:\Users\kami\Downloads\Setup(3).exe"        "SoftPulse"        "3"

7/10/2014        12:56:50 PM        "C:\Users\kami\Downloads\Setup.exe"        "SoftPulse"        "3"

7/10/2014        12:56:50 PM        "C:\Users\kami\Downloads\Setup(2).exe"        "SoftPulse"        "3"

7/10/2014        12:56:50 PM        "C:\Users\kami\Downloads\Setup(3).exe"        "SoftPulse"        "3"

7/10/2014        12:57:22 PM        "C:\Users\kami\Downloads\Setup(3).exe"        "SoftPulse"        "3"

12/11/2014        4:04:42 PM        "C:\Users\kami\AppData\Local\Temp\nsu7282.tmp\213971"        "Artemis!DCED27297AEA"        "2"

1/21/2015        11:36:02 PM        "C:\Program Files (x86)\Cain\Cain.exe"        "Artemis!80DFBAB8966C"        "3"

1/21/2015        11:36:04 PM        "C:\Program Files (x86)\Cain\Abel.exe"        "Artemis!ECBCBDE87B98"        "3"

1/21/2015        11:38:48 PM        "C:\Program Files (x86)\Cain\Cain.exe"        "Artemis!80DFBAB8966C"        "3"

1/21/2015        11:39:14 PM        "C:\Program Files (x86)\Cain\Cain.exe"        "Artemis!80DFBAB8966C"        "3"

1/21/2015        11:39:43 PM        "C:\Program Files (x86)\Cain\Cain.exe"        "Artemis!80DFBAB8966C"        "3"

4/2/2015        4:10:33 PM        "C:\Program Files (x86)\yellow cabs\yellow_cabs_notification_service.exe"        "Artemis!7016A5D74459"        "2"

4/2/2015        4:10:36 PM        "C:\Program Files (x86)\yellow cabs\yellow_cabs_updating_service.exe"        "Artemis!5F126BD699C6"        "2"

4/7/2015        11:54:06 AM        "C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe"        "Artemis!D69B87F37CEA"        "2"

4/7/2015        11:54:11 AM        "C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe"        "Artemis!D69B87F37CEA"        "2"

4/7/2015        8:29:11 PM        "C:\Users\kami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OY5BO166\yet_another_cleaner_hdr (1).exe"        "Artemis!E497222C8947"        "2"

4/7/2015        8:29:21 PM        "C:\Users\kami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OY5BO166\yet_another_cleaner_hdr.exe"        "Artemis!E497222C8947"        "2"

4/8/2015        9:59:15 AM        "C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\Download\{DC365999-6C15-4A44-B257-B988CF650B4B}\1.3.25.27\setup.exe.vir"        "Artemis!D96EEA80426D"        "3"
McAffee System_ODS.log:

Code:
6/15/2014        8:25:18 PM        Scan Started: 06/15/2014 08:25:18 PM

7/6/2014        10:43:39 AM        Scan Started: 07/06/2014 10:43:39 AM

7/6/2014        11:45:48 PM        Total objects scanned: 472931

7/6/2014        11:45:48 PM        Objects detected: 0

7/6/2014        11:45:48 PM        Scan Done: 07/06/2014 11:45:48 PM

7/13/2014        8:05:24 PM        Scan Started: 07/13/2014 08:05:24 PM

7/14/2014        3:29:52 PM        Total objects scanned: 470227

7/14/2014        3:29:52 PM        Objects detected: 0

7/14/2014        3:29:52 PM        Scan Done: 07/14/2014 03:29:52 PM

7/20/2014        9:01:16 PM        Scan Started: 07/20/2014 09:01:16 PM

7/21/2014        10:20:17 AM        Total objects scanned: 339225

7/21/2014        10:20:17 AM        Objects detected: 0

7/21/2014        10:20:17 AM        Scan Done: 07/21/2014 10:20:17 AM

7/27/2014        1:09:04 PM        Scan Started: 07/27/2014 01:09:04 PM

7/27/2014        2:38:15 PM        Total objects scanned: 157095

7/27/2014        2:38:15 PM        Objects detected: 0

7/27/2014        2:38:15 PM        Scan Done: 07/27/2014 02:38:15 PM

8/3/2014        12:52:29 PM        Scan Started: 08/03/2014 12:52:29 PM

8/3/2014        6:56:30 PM        Total objects scanned: 467940

8/3/2014        6:56:30 PM        Objects detected: 0

8/3/2014        6:56:30 PM        Scan Done: 08/03/2014 06:56:30 PM

8/11/2014        1:34:09 PM        Scan Started: 08/11/2014 01:34:09 PM

8/11/2014        2:36:43 PM        Total objects scanned: 111215

8/11/2014        2:36:43 PM        Objects detected: 0

8/11/2014        2:36:43 PM        Scan Done: 08/11/2014 02:36:43 PM

8/17/2014        1:16:40 PM        Scan Started: 08/17/2014 01:16:40 PM

8/18/2014        3:04:55 PM        Total objects scanned: 468267

8/18/2014        3:04:55 PM        Objects detected: 0

8/18/2014        3:04:55 PM        Scan Done: 08/18/2014 03:04:55 PM

8/25/2014        1:28:22 PM        Scan Started: 08/25/2014 01:28:22 PM

8/25/2014        3:18:46 PM        Total objects scanned: 263518

8/25/2014        3:18:46 PM        Objects detected: 0

8/25/2014        3:18:46 PM        Scan Done: 08/25/2014 03:18:46 PM

8/31/2014        1:57:26 PM        Scan Started: 08/31/2014 01:57:26 PM

8/31/2014        2:01:11 PM        "C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"        "Artemis!69CA9A1113F9"        "3"

8/31/2014        2:01:13 PM        "C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe.vir"        "Artemis!6E7EC665F0ED"        "3"

9/19/2014        9:09:19 AM        Scan Started: 09/19/2014 09:09:19 AM

9/19/2014        9:17:05 AM        "C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"        "Artemis!69CA9A1113F9"        "3"

9/19/2014        9:17:06 AM        "C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe.vir"        "Artemis!6E7EC665F0ED"        "3"

9/19/2014        10:04:07 AM        Total objects scanned: 71876

9/19/2014        10:04:07 AM        Objects detected: 2

9/19/2014        10:04:07 AM        Scan Done: 09/19/2014 10:04:07 AM

9/26/2014        2:26:14 PM        Scan Started: 09/26/2014 02:26:14 PM

9/26/2014        5:39:20 PM        Total objects scanned: 90537

9/26/2014        5:39:20 PM        Objects detected: 0

9/26/2014        5:39:20 PM        Scan Done: 09/26/2014 05:39:20 PM

10/3/2014        2:07:39 PM        Scan Started: 10/03/2014 02:07:39 PM

10/3/2014        4:35:45 PM        Total objects scanned: 272080

10/3/2014        4:35:45 PM        Objects detected: 0

10/3/2014        4:35:45 PM        Scan Done: 10/03/2014 04:35:45 PM

10/13/2014        1:22:14 PM        Scan Started: 10/13/2014 01:22:14 PM

10/13/2014        1:58:39 PM        Total objects scanned: 63749

10/13/2014        1:58:39 PM        Objects detected: 0

10/13/2014        1:58:39 PM        Scan Done: 10/13/2014 01:58:39 PM

10/17/2014        2:18:29 PM        Scan Started: 10/17/2014 02:18:29 PM

10/17/2014        2:37:55 PM        Total objects scanned: 35901

10/17/2014        2:37:55 PM        Objects detected: 0

10/17/2014        2:37:55 PM        Scan Done: 10/17/2014 02:37:55 PM

10/24/2014        1:55:54 PM        Scan Started: 10/24/2014 01:55:54 PM

10/24/2014        2:00:18 PM        "C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe.vir"        "Adware-RocketTab"        "3"

10/24/2014        5:31:52 PM        Total objects scanned: 316323

10/24/2014        5:31:52 PM        Objects detected: 1

10/24/2014        5:31:52 PM        Scan Done: 10/24/2014 05:31:52 PM

10/31/2014        7:29:08 PM        Scan Started: 10/31/2014 07:29:08 PM

10/31/2014        7:36:52 PM        Total objects scanned: 26213

10/31/2014        7:36:52 PM        Objects detected: 0

10/31/2014        7:36:52 PM        Scan Done: 10/31/2014 07:36:52 PM

11/9/2014        1:38:43 PM        Scan Started: 11/09/2014 01:38:43 PM

11/9/2014        5:28:07 PM        Total objects scanned: 188820

11/9/2014        5:28:07 PM        Objects detected: 0

11/9/2014        5:28:07 PM        Scan Done: 11/09/2014 05:28:07 PM

11/18/2014        7:57:52 PM        Scan Started: 11/18/2014 07:57:52 PM

11/18/2014        8:14:17 PM        Total objects scanned: 31931

11/18/2014        8:14:17 PM        Objects detected: 0

11/18/2014        8:14:17 PM        Scan Done: 11/18/2014 08:14:17 PM

11/23/2014        2:10:33 PM        Scan Started: 11/23/2014 02:10:33 PM

11/24/2014        10:22:31 AM        Total objects scanned: 83032

11/24/2014        10:22:31 AM        Objects detected: 0

11/24/2014        10:22:31 AM        Scan Done: 11/24/2014 10:22:31 AM

11/28/2014        9:55:04 AM        Scan Started: 11/28/2014 09:55:04 AM

11/28/2014        10:12:08 AM        Total objects scanned: 34179

11/28/2014        10:12:08 AM        Objects detected: 0

11/28/2014        10:12:08 AM        Scan Done: 11/28/2014 10:12:08 AM

12/5/2014        1:34:30 PM        Scan Started: 12/05/2014 01:34:30 PM

12/12/2014        10:51:21 AM        Scan Started: 12/12/2014 10:51:21 AM

12/12/2014        11:07:02 AM        Total objects scanned: 36275

12/12/2014        11:07:02 AM        Objects detected: 0

12/12/2014        11:07:02 AM        Scan Done: 12/12/2014 11:07:02 AM

12/19/2014        11:13:23 AM        Scan Started: 12/19/2014 11:13:23 AM

12/19/2014        12:22:01 PM        "C:\Program Files (x86)\Super Radio\utils.exe"        "Artemis!ADA808F1674B"        "2"

12/19/2014        7:23:36 PM        Total objects scanned: 540169

12/19/2014        7:23:36 PM        Objects detected: 1

12/19/2014        7:23:36 PM        Scan Done: 12/19/2014 07:23:36 PM

12/26/2014        7:39:53 PM        Scan Started: 12/26/2014 07:39:53 PM

12/27/2014        3:22:07 PM        Total objects scanned: 66333

12/27/2014        3:22:07 PM        Objects detected: 0

12/27/2014        3:22:07 PM        Scan Done: 12/27/2014 03:22:07 PM

1/2/2015        11:46:21 AM        Scan Started: 01/02/2015 11:46:21 AM

1/2/2015        5:42:19 PM        Total objects scanned: 354127

1/2/2015        5:42:19 PM        Objects detected: 0

1/2/2015        5:42:19 PM        Scan Done: 01/02/2015 05:42:19 PM

1/9/2015        12:57:14 PM        Scan Started: 01/09/2015 12:57:14 PM

1/9/2015        1:32:57 PM        Total objects scanned: 47398

1/9/2015        1:32:57 PM        Objects detected: 0

1/9/2015        1:32:57 PM        Scan Done: 01/09/2015 01:32:57 PM

1/16/2015        10:46:12 AM        Scan Started: 01/16/2015 10:46:12 AM

1/16/2015        5:50:14 PM        Total objects scanned: 484587

1/16/2015        5:50:14 PM        Objects detected: 0

1/16/2015        5:50:14 PM        Scan Done: 01/16/2015 05:50:14 PM

1/23/2015        12:26:32 PM        Scan Started: 01/23/2015 12:26:32 PM

1/23/2015        1:10:30 PM        "C:\Program Files (x86)\Cain\Abel.exe"        "Artemis!ECBCBDE87B98"        "3"

1/24/2015        2:55:00 PM        "E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"        "CryptDomaIQ"        "3"

1/24/2015        2:55:01 PM        "E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"        "SoftPulse"        "3"

1/24/2015        2:55:02 PM        "E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"        "SoftPulse"        "3"

1/24/2015        2:55:03 PM        "E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"        "SoftPulse"        "3"

1/24/2015        7:07:42 PM        Total objects scanned: 824115

1/24/2015        7:07:42 PM        Objects detected: 2

1/24/2015        7:07:42 PM        Scan Done: 01/24/2015 07:07:42 PM

1/30/2015        10:25:10 AM        Scan Started: 01/30/2015 10:25:10 AM

1/30/2015        4:40:48 PM        Total objects scanned: 77290

1/30/2015        4:40:48 PM        Objects detected: 0

1/30/2015        4:40:48 PM        Scan Done: 01/30/2015 04:40:48 PM

2/6/2015        9:36:34 AM        Scan Started: 02/06/2015 09:36:34 AM

2/6/2015        10:13:37 AM        Total objects scanned: 63657

2/6/2015        10:13:37 AM        Objects detected: 0

2/6/2015        10:13:37 AM        Scan Done: 02/06/2015 10:13:37 AM

2/13/2015        11:07:55 AM        Scan Started: 02/13/2015 11:07:55 AM

2/13/2015        1:10:47 PM        Total objects scanned: 236173

2/13/2015        1:10:47 PM        Objects detected: 0

2/13/2015        1:10:47 PM        Scan Done: 02/13/2015 01:10:47 PM

2/20/2015        1:03:20 PM        Scan Started: 02/20/2015 01:03:20 PM

2/20/2015        3:03:14 PM        Total objects scanned: 199537

2/20/2015        3:03:14 PM        Objects detected: 0

2/20/2015        3:03:14 PM        Scan Done: 02/20/2015 03:03:14 PM

2/27/2015        2:06:39 PM        Scan Started: 02/27/2015 02:06:39 PM

2/27/2015        3:55:33 PM        Total objects scanned: 139930

2/27/2015        3:55:33 PM        Objects detected: 0

2/27/2015        3:55:33 PM        Scan Done: 02/27/2015 03:55:33 PM

3/8/2015        11:56:27 AM        Scan Started: 03/08/2015 11:56:27 AM

3/9/2015        1:58:36 PM        Total objects scanned: 402380

3/9/2015        1:58:36 PM        Objects detected: 0

3/9/2015        1:58:36 PM        Scan Done: 03/09/2015 01:58:36 PM

3/15/2015        2:24:07 PM        Scan Started: 03/15/2015 02:24:07 PM

3/20/2015        10:17:00 PM        Scan Started: 03/20/2015 10:17:00 PM

3/21/2015        0:21:20 AM        Total objects scanned: 29901

3/21/2015        0:21:20 AM        Objects detected: 0

3/21/2015        0:21:20 AM        Scan Done: 03/21/2015 00:21:20 AM

3/27/2015        5:26:34 PM        Scan Started: 03/27/2015 05:26:34 PM

3/29/2015        1:49:07 PM        Total objects scanned: 828343

3/29/2015        1:49:07 PM        Objects detected: 0

3/29/2015        1:49:07 PM        Scan Done: 03/29/2015 01:49:07 PM

4/3/2015        5:25:00 PM        Scan Started: 04/03/2015 05:25:00 PM

4/12/2015        1:34:36 PM        Scan Started: 04/12/2015 01:34:36 PM

4/12/2015        1:46:59 PM        Total objects scanned: 29475

4/12/2015        1:46:59 PM        Objects detected: 0

4/12/2015        1:46:59 PM        Scan Done: 04/12/2015 01:46:59 PM

4/17/2015        1:52:10 PM        Scan Started: 04/17/2015 01:52:10 PM


Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:08 on 18/04/2015 (kami)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by kami (administrator) on BETA on 18-04-2015 18:05:48
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(C-Dilla Ltd) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
() C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(1&1 Internet AG) C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Smith Micro Software, Inc) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [1&1_1&1 Office-Drive Manager] => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE [993392 2012-09-24] (1&1 Internet AG)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {0b8f30ef-76c2-11e3-8617-70f395d12e69} - H:\LGAutoRun.exe
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {34ddf33c-c45e-11e1-9b12-70f395d12e69} - E:\SISetup.exe
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {ddb543cf-2706-11e1-8e01-70f395d12e69} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {eb9a1205-6382-11e0-bc7c-70f395d12e69} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-0017-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer.lnk
ShortcutTarget: Image Transfer.lnk -> C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_cnet_150403&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler: haufereader - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2010-11-01] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-10-22] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2011-04-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-11]
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\##my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-27]
CHR Extension: (Google Wallet) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 C-DillaCdaC11BA; C:\windows\SysWOW64\drivers\CDAC11BA.EXE [39936 2010-12-14] (C-Dilla Ltd) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2012-01-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\PROGRAM FILES\MCAFEE\MSC\MCAPEXE.EXE [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [376808 2007-06-29] (XIMETA, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]
R2 vtigercrmApache530; C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [20541 2009-05-08] (Apache Software Foundation) [File not signed]
R2 vtigercrmMysql530; C:\Program Files (x86)\vtigercrm-5.3.0\mysql\my.ini [2994 2012-02-14] () [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XAMPP; c:\xampp\service.exe [60928 2007-12-21] () [File not signed]
S2 HPSLPSVC; C:\Users\kami\AppData\Local\Temp\7zS03A3\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-01] (Google Inc)
S3 BioNTDrv; C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-04-09] (Bytemobile, Inc.) [File not signed]
S2 CdaC15BA; C:\windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-01-05] () [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [419840 2010-12-31] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [339944 2007-06-29] (XIMETA, Inc.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 lpx; C:\Windows\System32\DRIVERS\lpx.sys [97256 2007-06-29] (XIMETA, Inc.)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R3 ndasbus; C:\Windows\System32\DRIVERS\ndasbus.sys [108520 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\windows\system32\DRIVERS\ndasfat.sys [537064 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\DRIVERS\ndasscsi.sys [235496 2007-06-29] (XIMETA, Inc.)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
R3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-01-19] ()
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2011-04-09] (Bytemobile, Inc.) [File not signed]
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
R4 epp64; system32\DRIVERS\epp64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 18:05 - 2015-04-18 18:05 - 00092155 _____ () C:\Users\kami\Desktop\FRST_a.txt
2015-04-18 18:00 - 2015-04-18 18:00 - 00000000 ____D () C:\Users\kami\Desktop\FRST-OlderVersion
2015-04-18 17:23 - 2015-04-18 17:23 - 00380416 _____ () C:\Users\kami\Desktop\Gmer-19357.exe
2015-04-18 17:20 - 2015-04-18 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-18 17:11 - 2015-04-18 18:00 - 00076118 _____ () C:\Users\kami\Desktop\Addition.txt
2015-04-18 17:09 - 2015-04-18 18:06 - 00037123 _____ () C:\Users\kami\Desktop\FRST.txt
2015-04-18 17:09 - 2015-04-18 18:05 - 00000000 ____D () C:\FRST
2015-04-18 17:07 - 2015-04-18 17:08 - 00000470 _____ () C:\Users\kami\Desktop\defogger_disable.log
2015-04-18 17:07 - 2015-04-18 17:07 - 00000000 _____ () C:\Users\kami\defogger_reenable
2015-04-18 17:05 - 2015-04-18 17:05 - 00050477 _____ () C:\Users\kami\Downloads\Defogger.exe
2015-04-18 12:24 - 2015-04-18 11:52 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-122415.backup
2015-04-17 18:03 - 2015-04-17 18:03 - 00050477 _____ () C:\Users\kami\Desktop\Defogger.exe
2015-04-17 13:03 - 2015-04-18 18:00 - 02098176 _____ (Farbar) C:\Users\kami\Desktop\FRST64.exe
2015-04-17 11:08 - 2015-04-18 11:49 - 00001983 _____ () C:\Users\kami\Desktop\Malware@firefox.txt
2015-04-16 12:20 - 2015-04-17 22:51 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-04-16 09:47 - 2015-04-16 09:47 - 00001947 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-16 09:34 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-16 09:34 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-16 09:34 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-16 09:34 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-16 09:34 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-16 09:33 - 2015-03-10 07:29 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-16 09:33 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 02656256 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 07:26 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-16 09:33 - 2015-03-10 05:32 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-16 09:33 - 2015-03-10 04:42 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-16 09:33 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-16 09:33 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-16 09:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-16 09:32 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-16 09:32 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-16 09:32 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-16 09:32 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-16 09:32 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-16 09:32 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-16 09:32 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-16 09:32 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:31 - 2015-04-18 10:46 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-16 09:30 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-16 09:30 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-16 09:29 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-16 09:01 - 2015-04-16 09:02 - 00995568 _____ () C:\windows\Minidump\041615-50325-01.dmp
2015-04-16 09:00 - 2015-04-16 09:00 - 876794833 _____ () C:\windows\MEMORY.DMP
2015-04-14 12:15 - 2015-04-14 12:15 - 00001153 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-04-14 12:15 - 2015-04-14 12:15 - 00000000 ____D () C:\Users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 12:14 - 2015-04-14 12:14 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe (WCC4E2EJRERE).url
2015-04-14 12:14 - 2015-04-14 12:14 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard (WCC4E2EJRERE).url
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\Users\kami\AppData\Roaming\WDC
2015-04-14 12:02 - 2015-04-16 09:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-14 11:58 - 2015-04-14 12:00 - 00560552 _____ (Oracle Corporation) C:\Users\kami\Downloads\JavaSetup8u40.exe
2015-04-13 22:52 - 2015-04-13 22:52 - 00000000 ____D () C:\ProgramData\launcher
2015-04-13 22:21 - 2015-04-13 22:21 - 00000000 ____D () C:\ProgramData\rmbwizard
2015-04-13 19:37 - 2015-04-13 19:38 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup.exe
2015-04-13 19:08 - 2015-04-13 19:08 - 00000473 _____ () C:\Users\kami\Downloads\WDMyCloud-20150413-1908.conf
2015-04-13 18:29 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 18:21 - 2015-04-13 18:24 - 247429605 _____ () C:\Users\kami\Downloads\MyNetViewFull_1_0_12_0.zip
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-13 18:13 - 2015-04-13 18:13 - 00001186 _____ () C:\Users\Public\Desktop\WD Discovery.lnk
2015-04-13 16:53 - 2015-04-13 17:00 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup (1).exe
2015-04-13 16:12 - 2015-04-13 16:12 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-13 12:24 - 2015-04-13 16:12 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-04-13 11:59 - 2015-04-13 11:59 - 00001274 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00001262 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-04-13 11:58 - 2015-04-13 11:58 - 04737952 _____ () C:\Users\kami\Downloads\ausetup5.3.1.20.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-04-13 11:46 - 2015-04-13 11:46 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2 (1).exe
2015-04-12 11:34 - 2015-04-12 11:34 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2.exe
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-04-11 20:02 - 2015-04-14 12:14 - 00000204 _____ () C:\Users\kami\Desktop\Lerncenter WD My Cloud.url
2015-04-11 20:02 - 2015-04-13 18:20 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-11 20:02 - 2015-04-11 20:02 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-04-11 20:02 - 2015-04-11 20:02 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard.url
2015-04-11 19:33 - 2015-04-13 18:29 - 00000000 ____D () C:\Users\kami\AppData\Local\Western Digital
2015-04-10 11:35 - 2015-04-10 11:35 - 00000000 ____D () C:\Users\kami\Neuer Ordner
2015-04-10 02:00 - 2015-04-10 02:00 - 00002331 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00002163 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-04-10 01:59 - 2015-04-10 01:59 - 00000000 ____D () C:\Program Files\Paragon Software
2015-04-10 01:54 - 2015-04-10 01:54 - 00000000 ____D () C:\ProgramData\explauncher
2015-04-10 01:32 - 2015-04-10 01:52 - 417659040 _____ () C:\Users\kami\Downloads\br2014Free101.exe
2015-04-09 22:35 - 2015-04-09 22:35 - 00003110 _____ () C:\windows\System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683}
2015-04-09 21:03 - 2015-04-09 21:03 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-09 11:46 - 2015-04-09 11:46 - 00022328 _____ () C:\Users\kami\Downloads\hijackthis.log
2015-04-09 10:51 - 2015-04-09 11:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\kami\Downloads\HijackThis.exe
2015-04-09 02:29 - 2015-04-09 02:29 - 00003432 _____ () C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-09 02:29 - 2015-04-09 02:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 01:55 - 2015-04-18 17:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 01:55 - 2015-04-16 09:17 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-09 01:55 - 2015-04-16 09:17 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-09 01:55 - 2015-04-16 09:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 01:22 - 2015-04-18 15:35 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-09 01:13 - 2015-04-09 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 01:08 - 2015-04-09 01:44 - 00000000 ____D () C:\Users\kami\Entmister-SW
2015-04-08 23:55 - 2015-04-08 23:55 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kami\Downloads\mbar-1.09.1.1004.exe
2015-04-08 22:25 - 2015-04-08 22:25 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2015-04-08 22:25 - 2015-04-08 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-04-08 19:34 - 2015-04-13 18:20 - 00160620 _____ () C:\windows\DPINST.LOG
2015-04-08 19:32 - 2015-04-08 19:32 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-08 19:32 - 2015-04-08 19:32 - 00000000 ____D () C:\ProgramData\Sony
2015-04-08 19:31 - 2015-04-08 19:31 - 28579392 _____ (Sony Mobile Communications ) C:\Users\kami\Downloads\Sony PC Companion_Web.exe
2015-04-08 15:16 - 2015-04-08 15:21 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Mozilla
2015-04-08 15:16 - 2015-04-08 15:16 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 12:50 - 2015-04-08 12:50 - 00243656 _____ () C:\Users\kami\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-08 11:29 - 2015-04-08 11:29 - 00116528 _____ () C:\Users\kami\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 11:15 - 2015-04-17 22:48 - 00003081 _____ () C:\windows\setupact.log
2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 _____ () C:\windows\setuperr.log
2015-04-08 11:14 - 2015-04-16 12:13 - 00010690 _____ () C:\windows\PFRO.log
2015-04-08 11:14 - 2015-04-08 11:15 - 00439280 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-08 09:38 - 2015-04-08 09:38 - 00000000 ____D () C:\Users\kami\VirtualBox VMs
2015-04-08 09:30 - 2015-04-08 09:30 - 00003144 _____ () C:\windows\System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC}
2015-04-08 09:27 - 2015-04-13 16:03 - 00000000 ____D () C:\Users\kami\.VirtualBox
2015-04-08 09:25 - 2015-04-08 09:29 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-08 09:25 - 2015-04-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-08 09:25 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files\Oracle
2015-04-08 09:24 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-04-08 02:22 - 2015-04-08 02:22 - 00000000 ____D () C:\Users\kami\AppData\Local\BVRP Software
2015-04-07 21:40 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150407-214026.backup
2015-04-07 21:16 - 2015-04-07 21:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-07 21:16 - 2015-04-07 21:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-07 21:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-04-07 21:15 - 2015-04-18 11:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-07 21:15 - 2015-04-07 22:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-07 21:09 - 2015-04-07 21:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 21:09 - 2015-04-07 21:09 - 00002780 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-04-07 21:09 - 2015-04-07 21:09 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-07 21:09 - 2015-04-07 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-07 20:40 - 2015-04-07 20:40 - 00005684 _____ () C:\windows\system32\.crusader
2015-04-07 20:20 - 2015-04-07 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 13:21 - 2015-04-07 11:36 - 00000000 ____D () C:\windows\system32\log
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-03 19:13 - 2015-04-03 19:13 - 00001373 _____ () C:\Users\kami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-04-03 03:31 - 2015-04-03 03:31 - 00000000 ____D () C:\Users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 03:31 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-04-03 03:31 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-04-03 01:38 - 2015-04-03 01:38 - 00001381 _____ () C:\Users\kami\Desktop\Internet Explorer (64-bit).lnk
2015-04-02 22:13 - 2015-04-18 11:19 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-02 22:12 - 2015-04-02 22:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-02 22:12 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-02 22:12 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-02 22:12 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-02 16:10 - 2015-04-18 16:10 - 00001020 _____ () C:\windows\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p.job
2015-04-02 16:10 - 2015-04-02 16:10 - 00004036 _____ () C:\windows\System32\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-04-02 01:49 - 2015-04-02 17:18 - 00005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-03-24 12:10 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 18:02 - 2010-12-07 04:02 - 00000000 ____D () C:\Users\kami\Postfach
2015-04-18 17:53 - 2011-05-11 22:54 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-18 17:40 - 2014-11-14 09:48 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
2015-04-18 17:20 - 2014-06-11 00:04 - 00001804 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-18 17:11 - 2010-11-13 17:40 - 01629946 _____ () C:\windows\WindowsUpdate.log
2015-04-18 17:07 - 2010-12-02 21:21 - 00000000 ____D () C:\Users\kami
2015-04-18 15:12 - 2010-12-26 11:56 - 00000000 ____D () C:\ProgramData\Lexware
2015-04-18 12:40 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Opera Software
2015-04-18 12:15 - 2014-06-05 15:36 - 00000000 ____D () C:\temp
2015-04-18 11:26 - 2013-02-17 14:56 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForkami
2015-04-18 11:26 - 2013-02-17 14:56 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForkami.job
2015-04-18 10:16 - 2010-09-12 22:06 - 05485612 _____ () C:\windows\system32\perfh007.dat
2015-04-18 10:16 - 2010-09-12 22:06 - 01696992 _____ () C:\windows\system32\perfc007.dat
2015-04-18 10:16 - 2009-07-14 07:13 - 00006792 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-18 10:10 - 2011-05-11 22:54 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 01:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-17 22:59 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 22:59 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 22:48 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-17 22:41 - 2010-12-03 03:23 - 00007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2015-04-17 22:38 - 2011-11-11 23:52 - 00000000 ____D () C:\ProgramData\Avanquest Bluetooth SDK
2015-04-17 18:16 - 2011-05-02 15:09 - 00000000 ____D () C:\Users\kami\Documents\Aktuell
2015-04-17 00:01 - 2011-03-22 23:08 - 00001644 _____ () C:\Users\kami\Desktop\FUS.txt
2015-04-16 23:51 - 2010-12-03 06:13 - 00000000 ____D () C:\windows\rescache
2015-04-16 12:37 - 2010-12-15 14:08 - 00000000 ____D () C:\Users\kami\Documents\Finanzen
2015-04-16 12:20 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2015-04-16 12:14 - 2014-12-11 10:22 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 12:14 - 2014-07-09 13:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 11:40 - 2010-12-06 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 09:44 - 2013-08-15 11:37 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 09:34 - 2010-12-05 18:07 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 09:28 - 2013-10-22 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 09:27 - 2010-12-12 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 09:01 - 2012-10-10 23:49 - 00000000 ____D () C:\windows\Minidump
2015-04-14 12:01 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-13 18:19 - 2013-03-26 12:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 17:36 - 2011-12-28 02:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\HpUpdate
2015-04-13 16:40 - 2010-09-12 22:37 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-13 16:32 - 2012-12-07 17:41 - 00002771 _____ () C:\Users\Public\Desktop\Lexware buchhalter.lnk
2015-04-13 16:32 - 2010-12-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-13 14:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-12 11:55 - 2011-06-21 00:16 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-04-12 11:37 - 2012-06-29 08:57 - 00000000 ____D () C:\Users\Hotel
2015-04-12 11:37 - 2012-01-11 18:12 - 00000000 ____D () C:\Users\Vais
2015-04-12 11:37 - 2011-11-20 12:17 - 00000000 ____D () C:\Users\Administrator
2015-04-12 11:37 - 2010-12-13 15:25 - 00000000 ____D () C:\Users\RF
2015-04-10 12:05 - 2011-10-13 10:12 - 00000000 ____D () C:\Users\kami\Documents\Bluetooth Exchange Folder
2015-04-10 03:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2015-04-10 01:56 - 2010-12-02 21:23 - 00000000 ____D () C:\Users\kami\AppData\Local\Downloaded Installations
2015-04-09 21:50 - 2014-12-11 17:04 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-09 01:55 - 2014-08-19 13:20 - 00000000 ____D () C:\Users\kami\AppData\Local\Adobe
2015-04-08 23:27 - 2012-06-29 09:03 - 00000000 ____D () C:\Users\Hotel\AppData\Local\Mozilla
2015-04-08 23:25 - 2012-06-29 08:58 - 00000000 ___RD () C:\Users\Hotel\Virtual Machines
2015-04-08 23:24 - 2015-03-05 18:42 - 00001536 __RSH () C:\Users\Hotel\ntuser.pol
2015-04-08 23:02 - 2011-12-15 21:08 - 00113152 ___SH () C:\Users\kami\Documents\Thumbs.db
2015-04-08 19:34 - 2011-05-25 15:15 - 00000000 ____D () C:\Users\kami\AppData\Local\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-08 19:32 - 2010-09-12 22:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 13:08 - 2013-05-29 20:35 - 00006256 _____ () C:\Users\kami\_viminfo
2015-04-08 09:29 - 2012-01-11 18:14 - 00116528 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2015-04-08 03:53 - 2013-07-08 13:46 - 00000000 ____D () C:\Users\kami\AppData\Roaming\DVDVideoSoft
2015-04-08 03:51 - 2013-08-27 23:00 - 00000000 ____D () C:\Program Files (x86)\IGC
2015-04-08 03:21 - 2014-07-07 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-04-08 03:21 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-08 03:21 - 2013-05-27 13:36 - 00000000 ____D () C:\Users\kami\Desktop\4Trading
2015-04-08 03:21 - 2013-05-27 13:33 - 00000000 ____D () C:\Users\kami\Desktop\4CAD
2015-04-08 03:21 - 2013-05-27 13:30 - 00000000 ____D () C:\Users\kami\Desktop\4Navi
2015-04-08 03:21 - 2012-03-20 17:11 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Notepad++
2015-04-08 03:21 - 2011-11-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
2015-04-08 03:21 - 2010-12-03 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-04-08 02:31 - 2013-03-26 17:30 - 00000000 ____D () C:\Users\kami\Documents\Garmin
2015-04-08 02:31 - 2012-06-02 12:42 - 00000000 ____D () C:\Users\kami\AppData\Local\Garmin
2015-04-08 02:31 - 2010-12-09 02:14 - 00000000 ____D () C:\Users\kami\AppData\Roaming\GARMIN
2015-04-08 02:31 - 2010-12-09 01:44 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-08 02:31 - 2010-12-08 23:11 - 00000000 ____D () C:\ProgramData\GARMIN
2015-04-08 02:31 - 2010-12-08 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-08 02:28 - 2013-02-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics
2015-04-08 02:28 - 2011-01-29 11:56 - 00000000 ____D () C:\Program Files (x86)\EasternGraphics
2015-04-08 01:09 - 2010-12-10 01:41 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Dropbox
2015-04-08 00:40 - 2010-12-10 01:43 - 00000000 ___RD () C:\Users\kami\Documents\My Dropbox
2015-04-08 00:13 - 2012-08-29 01:12 - 00000000 ____D () C:\Users\kami\Desktop\Alte Firefox-Daten
2015-04-07 21:40 - 2009-07-14 04:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-115254.backup
2015-04-07 21:12 - 2011-11-02 21:22 - 00000000 ____D () C:\Users\kami\AppData\Roaming\FileZilla
2015-04-07 21:12 - 2011-08-27 21:49 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Skype
2015-04-07 11:40 - 2014-11-09 19:16 - 00000000 ____D () C:\Program Files (x86)\MINEA
2015-04-07 11:38 - 2013-12-30 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-07 11:18 - 2015-02-15 16:36 - 00000000 ___HD () C:\ProgramData\{5EE865C2-E8FF-4231-A2B8-0188FEFBCE3D}
2015-04-06 12:58 - 2014-12-11 17:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-06 12:06 - 2011-12-14 20:11 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-03 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-03 02:15 - 2013-12-14 12:10 - 00000000 ____D () C:\windows\PAC7311
2015-04-03 02:12 - 2011-11-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-04-02 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2015-04-02 22:24 - 2014-12-22 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psynetic
2015-03-23 15:12 - 2011-11-01 11:58 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2010-12-29 13:54 - 2011-06-15 19:55 - 0001854 _____ () C:\Users\kami\AppData\Roaming\GhostObjGAFix.xml
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2014-07-07 22:50 - 2014-07-07 22:50 - 0038444 _____ () C:\Users\kami\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2014-07-07 22:46 - 2014-07-07 22:46 - 0038441 _____ () C:\Users\kami\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-04-02 01:49 - 2015-04-02 17:18 - 0005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-08 22:13 - 2013-05-08 22:13 - 0004096 ____H () C:\Users\kami\AppData\Local\keyfile3.drm
2010-12-08 03:36 - 2010-12-08 03:50 - 0448206 _____ () C:\Users\kami\AppData\Local\MODup-Log.txt
2010-12-03 03:23 - 2015-04-17 22:41 - 0007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2012-12-20 00:05 - 2012-12-20 00:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-31 12:48 - 2010-12-31 12:48 - 0208552 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-04 12:11 - 2012-11-27 20:04 - 0017022 _____ () C:\ProgramData\hpzinstall.log
2013-01-18 03:59 - 2013-01-18 03:59 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-02-20 23:07 - 2013-02-20 23:07 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\Users\kami\REG4DigiFoto_Hilfedatei.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

M-K-D-B 18.04.2015 18:39
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Bitte noch die Addition.txt von FRST posten, dann kann es losgehen.

NoMW! 18.04.2015 18:54
Hallo Matthias,
vielen Dank für die schnelle Reaktion.
Die Logs haben nicht alle hineingepasst. Nachlieferung:

Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by kami at 2015-04-18 18:06:30
Running from C:\Users\kami\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Sprint (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.33417 - ABBYY Software House)
ABBYY FineReader 6.0 (HKLM-x32\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29421 - ABBYY Software House)
Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
ArcSoft PhotoImpression (HKLM-x32\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version:  - )
Avery Wizard 3.1 (HKLM-x32\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
C4340 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CFX Trader (HKLM-x32\...\{AC5E101F-8D42-406B-BFC0-7B906879F705}) (Version: 2.52.12.0 - CFX Broker)
CoP Outlook Plugin (HKLM-x32\...\{CBB9BD2B-C3FA-413F-9913-924EFFCE9CCC}) (Version: 4.11.1 - SMC Software Management Consulting)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP Server (HKLM-x32\...\CoreFTPServer) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.2 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.2 - Sigma Elektro GmbH) Hidden
DDBAC (HKLM-x32\...\{78F6AFE2-A4F3-4AE1-A710-9FD5758C2EB0}) (Version: 5.3.26 - DataDesign)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.9 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doodle Outlook Connector (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\33030675DC63B8C8D12A223C2017505053D50B01) (Version: 1.2.0.0 - Doodle AG)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version:  - )
EPSON Photo Print (HKLM-x32\...\{D379964B-685C-44D5-AE46-C953A9FEEA14}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.4 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Folder Marker v 1.4 (HKLM-x32\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.30 Update (HKLM-x32\...\{BD9FCA8B-7692-42BD-9AF3-88346B436CB0}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT v9 (HKLM-x32\...\{29EA075F-2C61-472F-B01D-80E8D8F023F1}) (Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Geberit ProPlanner 2013 R2 (HKLM-x32\...\{D06C9C18-D361-486A-9E6D-DBAFF1266028}) (Version: 3.3.000 - Geberit Verwaltungs AG)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Formular-Manager (HKLM-x32\...\{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}) (Version: 11.01.03.0001 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{F3A444B0-3BF9-11E1-A2DD-005056B12123}) (Version: 12.01.11.8176 - Haufe)
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart C4340 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{20B8FE13-36FB-47A8-B43C-4BD23B36ADB2}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{5CEE98FB-1963-4662-A780-410DA4533D53}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F48E3}) (Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.1 - Sonix)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Image Transfer (HKLM-x32\...\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}) (Version:  - )
ImageMixer for Sony (HKLM-x32\...\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{1C227C2E-2295-4820-87B1-4B13E98E6C66}) (Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{607D1882-6E4E-4861-BAA3-16B12FA21C73}) (Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
Lexware online banking V 2.39 (HKLM-x32\...\{66017349-81C8-48C3-B0E2-704DB146D70F}) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LTplus architektur (HKLM-x32\...\{8E93D569-667D-4845-A677-B9FC54AFE9F2}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus architektur (HKLM-x32\...\{FAA933B5-F74F-4841-AA49-9735D6DD4256}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus EnEV 2010 (HKLM-x32\...\{BF024BF3-9FE5-4417-AA04-16A5FF937931}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus SketchUP Plugin 7.1 (HKLM-x32\...\LTplus SketchUP Plugin 7.1) (Version: 7.1 - ArchitektenInitiative e.V.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Markets-pro Trading Plattform (HKLM-x32\...\Markets-pro Trading Plattform) (Version: 1.0.0.0 - Information Internet)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}) (Version: 4.0.1679 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
MySQL Workbench 5.2 CE (HKLM-x32\...\{455D9FD3-2AB6-44E0-BF49-B9E13911401A}) (Version: 5.2.38 - Oracle Corporation)
NDAS-Software 3.20.1523 (64-bit Windows) (HKLM\...\{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}) (Version: 3.20.1523 - XIMETA, Inc.)
Netzwerkaufzeichnungs-Player (HKLM-x32\...\{77A9065F-823B-4CDD-B28B-F340B69B62E3}) (Version: 28.4.0.14953 - Cisco WebEx LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
P1670 Referenzhandbuch (HKLM-x32\...\P1670 Referenzhandbuch) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfforge Toolbar v6.6 (HKLM-x32\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
PS_AIO_03_C4340_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}) (Version: 1.1.240 - QUALCOMM)
Quicken 2011 - ServicePack 4 (HKLM-x32\...\{9DC1A9BA-070A-455F-8AC3-62587524ADFB}) (Version: 18.04.00.0123 - Haufe-Lexware GmbH & Co KG)
Quicken DELUXE 2004 (HKLM-x32\...\InstallShield_{00F115CE-9BDD-4729-9122-2476CD02856B}) (Version: 11.00.0000 - Lexware)
Quicken DELUXE 2004 (x32 Version: 11.00.0000 - Lexware) Hidden
Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server Jubiläumsversion (HKLM-x32\...\{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}) (Version: 20.30.00.0099 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Richtig_Kontieren_von_A_Z (HKLM-x32\...\{83F8B710-715B-47B6-AD4D-036280EC269B}) (Version: 16.0.0.0 - Haufe-Lexware GmbH & Co. KG)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
SketchUp 2014 (HKLM-x32\...\{D71C0CA7-A245-4CB7-A958-7DB3377602AE}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM-x32\...\SmartToolsFalz & Lochmarken-Assistentv7.00) (Version: v7.00 - SmartTools Publishing)
SmartTools Publishing • Word Sonderzeichen-Assistent (HKLM-x32\...\SmartToolsSonderzeichen-Assistentv2.00) (Version: v2.00 - SmartTools Publishing)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Softi FreeOCR (HKLM-x32\...\{ABBACAD2-4DAF-490E-932B-E330B33FCF98}) (Version: 2.6.0 - Softi Software)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.5.6 - Sony Ericsson Mobile Communications AB)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.28.138 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trader Workstation (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Trader Workstation) (Version:  - Interactive Brokers)
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TZ-EasyBuch Start  (HKLM-x32\...\TZ-EasyBuch Start) (Version:  - Thomas Zeh)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VCDS PCI 11.11 (HKLM-x32\...\VCDS PCI) (Version: PCI 11.11 - PCI Diagnosetechnik GmbH & Co. KG)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.108.29105 - Vodafone)
vtiger CRM Office Plug-in 5.0.4 (HKLM-x32\...\{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}) (Version:  - )
vtiger CRM Outlook plugin 2.1 (64-bit) (HKLM\...\vtiger CRM Outlook plugin 2.1 (64-bit)) (Version:  - Vtiger)
vtigercrm-5.3.0 (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\vtigercrm-5.3.0) (Version:  - )
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wertpapieranalyse 2011 (HKLM-x32\...\{F625701A-E55C-47B4-8FC0-52B4FFE306BB}) (Version: 1.00.0003 - Haufe-Lexware GmbH & Co. KG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP 1.7.1 (HKLM-x32\...\xampp) (Version:  - )
XBRL Tool (HKLM-x32\...\{53A2399A-7ECE-4717-9CD0-1C57FD35BBCA}) (Version: 1.9.0 - ITA Systemhaus GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) (HKLM-x32\...\XMLmind XML Editor_is1) (Version: 4.6.0 - XMLmind)
XMLServiceToolV2 (HKLM-x32\...\{0F72FEF7-6E87-49C5-AB0E-FBAFD0E00EF2}) (Version: 2.0.0 - Bundesanzeiger)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-04-2015 13:47:51 Removed PDF Architect
13-04-2015 11:48:42 Windows-Sicherung
13-04-2015 16:55:42 Removed WD My Cloud
13-04-2015 18:12:30 Installed WD Discovery
13-04-2015 18:19:39 WD SmartWare Installer
16-04-2015 09:15:07 Windows Update
16-04-2015 09:45:53 Installed Sonos Controller.
16-04-2015 11:31:08 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-18 12:24 - 00450771 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {06283FF5-567C-4E7B-902F-4E7A84945D32} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {08498D11-C830-45A6-80E4-B08EC8116490} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1900BDE0-6E60-458D-9BBD-788CDBC6BE8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1CDAC75A-A1BB-4D04-9630-64A18F451B58} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1D3A14F6-6594-4D40-A055-303C7DBB67DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {41DDAF3D-7352-4F37-8E87-8CB214F157FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {4872684A-CC41-4E96-90EE-23B6B7C308FE} - System32\Tasks\{F6F71C2E-4C20-44B7-9DDD-C0E18F922370} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {529BD07D-ACE0-4638-AA71-CA5A93B28ED8} - System32\Tasks\{4E98F3FB-7896-4058-BD13-823D6945B38F} => pcalua.exe -a "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE\SETUPW2K.EXE" -d "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE"
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {575A5CCE-D922-435E-8CE5-6B9A47BBA28B} - System32\Tasks\{7EE4D7BA-9010-475C-AD3D-4149B76B04A0} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {60AEE8DF-D87A-424E-8D37-F357C03B19B1} - System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC} => pcalua.exe -a C:\Users\kami\Downloads\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\kami\Desktop
Task: {64EE2590-8AD0-4CF8-9776-19F80B91032C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {768DF770-0874-4AAD-901E-3FEA36209A02} - System32\Tasks\{3FB10DA3-D217-4D1D-A771-73D471FA49B1} => pcalua.exe -a G:\BMW-Diagnose\LuPeDi-CD\VMware-player-4.0.1-528992.exe -d G:\BMW-Diagnose\LuPeDi-CD
Task: {76A33DD5-687B-4858-B2A4-EF9C08D5F959} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7B8CFA59-807A-4655-9875-EEDEC70E3777} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7F761247-E1AF-4456-9207-4A11B453F630} - System32\Tasks\{287FC240-3430-4628-A791-173374ACA4CF} => pcalua.exe -a "C:\VAIS GmbH\Equipment\Nikon Coolpix P500\F-P500-V11W.exe" -d "C:\VAIS GmbH\Equipment\Nikon Coolpix P500"
Task: {88A4FA0C-9E4A-4A24-977F-CE990BA1AA65} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CF46AA4-9CC9-4A74-A0F9-0F9E299AA524} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9D6B54ED-177F-47FF-B1EB-95D9CEDEAD34} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A57C7A01-277D-4D15-A4BA-CA7D721817C4} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B6886E16-78D2-4BA2-80D7-69A8EB0BF45A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B6C8C5F6-F6C7-45BA-9BFC-AF612B65BE58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {C4A17781-6F9D-4116-8E58-1B051E5EAF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {C720A7E1-77FD-4AEF-9B54-2E57F75F3D47} - System32\Tasks\{CBD9BC13-72E0-4024-900F-DB43F8C2D5BF} => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Task: {C9DEB7EB-7896-4346-80FA-0274F70206B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {E486B4CA-EE16-4464-BD4E-206BF5553C94} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E4A5226E-5589-477E-960D-4E7D79AB8FC9} - System32\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p => C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p.exe <==== ATTENTION
Task: {E9651246-1E99-43D6-9CC2-835C1554CE73} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E9BD553D-0254-4BBF-9838-026B9A4DD3D6} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {ED2C4FF2-1097-4757-B28C-B590AB00AB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F1174B2C-0522-44F4-ACB9-C9A13ED06D3B} - System32\Tasks\HPCeeScheduleForkami => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {F769D86F-0104-4FE3-9AE9-F4C5A98E43B5} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe [2006-11-08] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p.job => C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p.exe <==== ATTENTION
Task: C:\windows\Tasks\HPCeeScheduleForkami.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-23 00:29 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2013-08-23 00:29 - 2006-02-22 10:39 - 00020480 _____ () C:\windows\System32\FritzPort64.dll
2012-07-03 11:51 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2012-07-03 11:53 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2009-03-16 13:29 - 2009-03-16 13:29 - 06562432 _____ () c:\xampp\mysql\bin\mysqld.exe
2009-05-08 16:41 - 2009-05-08 16:41 - 05750784 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
2011-09-12 18:02 - 2011-09-12 18:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00073728 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-02-03 22:39 - 2010-04-21 10:59 - 00058880 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_x64.dll
2015-04-08 19:32 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () c:\xampp\apache\bin\zlib1.dll
2007-02-04 11:14 - 2007-02-04 11:14 - 00020687 _____ () C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () c:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () c:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () c:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () c:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () c:\xampp\apache\bin\pxlib.dll
2008-01-07 17:47 - 2008-01-07 17:47 - 00721095 _____ () C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll
2012-01-11 01:57 - 2012-01-11 01:57 - 00071024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00103792 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00032112 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00054640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00017264 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-01-11 01:50 - 2012-01-11 01:50 - 00832880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-01-11 01:50 - 2012-01-11 01:50 - 00161136 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00075120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00021360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00014192 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026480 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010608 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026992 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020336 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00140656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00058736 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011632 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00013680 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00341360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00012656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2010-10-14 06:38 - 2010-10-14 06:38 - 00583168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00271728 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () C:\xampp\apache\bin\zlib1.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () C:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () C:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () C:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () C:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () C:\xampp\apache\bin\pxlib.dll
2015-04-07 21:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-07 21:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-07 21:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2009-05-08 16:41 - 2009-05-08 16:41 - 02076672 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\LIBMYSQL.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00168280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2015-04-07 21:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-07 21:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-08 19:32 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-04-08 19:32 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2015-04-08 19:32 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2011-01-05 15:01 - 2011-01-05 15:01 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00012288 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00602624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00355328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00130048 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00136040 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00015360 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00014848 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 01601536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00311296 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00483328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00059904 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00195584 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00573440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00045056 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00005120 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00015872 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2011-03-08 05:44 - 2011-03-23 20:46 - 00466944 _____ () C:\Program Files (x86)\SmartTools\Word Falz & Lochmarken-Assistent\adxloader.dll
2013-12-05 13:08 - 2013-12-05 13:08 - 00495616 _____ () C:\Users\kami\AppData\Local\assembly\dl3\YNQE85JZ.M4J\VJ5OYTVX.MAE\9366e6d6\00f8b38e_8380c901\Interop.Word.DLL
2012-08-05 11:22 - 2011-05-07 03:53 - 00190836 _____ () C:\Program Files (x86)\SmartTools\Word Falz & Lochmarken-Assistent\STP_FuncLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kami\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2004 Zahlungserinnerung.lnk => C:\windows\pss\Quicken 2004 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== Accounts: =============================

Administrator (S-1-5-21-2479338598-3314396831-1710804073-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2479338598-3314396831-1710804073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2479338598-3314396831-1710804073-1004 - Limited - Enabled)
Hotel (S-1-5-21-2479338598-3314396831-1710804073-1007 - Limited - Enabled) => C:\Users\Hotel
kami (S-1-5-21-2479338598-3314396831-1710804073-1003 - Administrator - Enabled) => C:\Users\kami
RF (S-1-5-21-2479338598-3314396831-1710804073-1005 - Limited - Enabled) => C:\Users\RF
Sonos (S-1-5-21-2479338598-3314396831-1710804073-1016 - Limited - Enabled)
Vais (S-1-5-21-2479338598-3314396831-1710804073-1006 - Administrator - Enabled) => C:\Users\Vais

==================== Faulty Device Manager Devices =============

Name: YAC Ring3 Driver
Description: YAC Ring3 Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iSafeKrnlR3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: YAC Kit Driver
Description: YAC Kit Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iSafeKrnlKit
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2015 04:22:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.17296 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2fbc

Startzeit: 01d079e0bb1d060b

Endzeit: 26

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (04/18/2015 00:51:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDImmunize.exe, Version 2.4.40.130 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2634

Startzeit: 01d079bba02b7b6d

Endzeit: 1123

Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Berichts-ID: 2ea2100d-e5b8-11e4-8c29-70f395d12e69

Error: (04/18/2015 10:16:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/18/2015 10:16:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/18/2015 10:16:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/18/2015 10:10:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/18/2015 10:10:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/18/2015 01:47:17 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/17/2015 10:58:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/17/2015 10:58:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (04/18/2015 05:17:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (04/18/2015 05:04:31 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 05:04:31 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:22:20 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:22:20 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:10:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Haufe iDesk-Service in C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2015 04:09:47 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:09:47 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:06:17 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:06:17 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

NoMW! 18.04.2015 18:56
Matthias, ich kann heute wahrscheinlich nicht mehr antworten.

Gmer.txt:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-18 18:41:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\kami\AppData\Local\Temp\pxldqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\windows\System32\win32k.sys!W32pServiceTable                                                                                                          fffff96000124c00 7 bytes [00, 93, F3, FF, 41, A4, F0]
.text  C:\windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                      fffff96000124c08 3 bytes [00, 07, 02]

---- User code sections - GMER 2.1 ----

.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        000000007729de30 6 bytes {JMP QWORD [RIP+0x8ea2200]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                000000007729de40 6 bytes {JMP QWORD [RIP+0x8f021f0]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                          000000007729df00 6 bytes {JMP QWORD [RIP+0x8ee2130]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                        000000007729e120 6 bytes {JMP QWORD [RIP+0x8ec1f10]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                        000000007729e1d0 6 bytes {JMP QWORD [RIP+0x8e61e60]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                    000000007729e760 6 bytes {JMP QWORD [RIP+0x8e818d0]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                  000000007729f100 6 bytes {JMP QWORD [RIP+0x8f20f30]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                            000007fefd3fa6f5 3 bytes [15, 59, 05]
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                000000007729de30 6 bytes {JMP QWORD [RIP+0x8ea2200]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                          000000007729de40 6 bytes {JMP QWORD [RIP+0x8f021f0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                    000000007729df00 6 bytes {JMP QWORD [RIP+0x8ee2130]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                  000000007729e120 6 bytes {JMP QWORD [RIP+0x8ec1f10]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                000000007729e1d0 6 bytes {JMP QWORD [RIP+0x8e61e60]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                              000000007729e760 6 bytes {JMP QWORD [RIP+0x8e818d0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            000000007729f100 6 bytes {JMP QWORD [RIP+0x8f20f30]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                    000000007714dbc0 6 bytes {JMP QWORD [RIP+0x9092470]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                    000007fefd3fa6f5 3 bytes [15, 59, 05]
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiSetInternalUI                                                                                000007feed8d5c70 6 bytes {JMP QWORD [RIP+0x9da3c0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiInstallProductA                                                                              000007feed952ad4 2 bytes [FF, 25]
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiInstallProductA + 3                                                                          000007feed952ad7 3 bytes [D5, 91, 00]
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiInstallProductW                                                                              000007feed96167c 6 bytes {JMP QWORD [RIP+0x92e9b4]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                          000007fefaec7b34 6 bytes {JMP QWORD [RIP+0x884fc]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                          000007fefaed03c0 6 bytes {JMP QWORD [RIP+0xcfc70]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                      000007fefe063030 6 bytes {JMP QWORD [RIP+0x158d000]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!connect + 1                                                                                  000007fefe0645c1 5 bytes {JMP QWORD [RIP+0x152ba70]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!listen                                                                                      000007fefe068290 6 bytes {JMP QWORD [RIP+0x1567da0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!WSAConnect                                                                                  000007fefe08e0f0 6 bytes {JMP QWORD [RIP+0x1521f40]}
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                          000000007744fc1c 3 bytes JMP 7178000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                      000000007744fc20 2 bytes JMP 7178000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                  000000007744fc34 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                              000000007744fc38 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                            000000007744fd60 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                        000000007744fd64 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                          00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                      00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                          00000000774501c0 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                      00000000774501c4 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                      0000000077450a40 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                  0000000077450a44 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                    000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                0000000077451920 2 bytes [6B, 71]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                              0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                          0000000076413b97 2 bytes [68, 71]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                              0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                0000000075ee575a 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!connect                                              0000000075ee6bdd 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!listen                                                0000000075eeb001 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!WSAConnect                                            0000000075eecc3f 6 bytes {JMP QWORD [RIP+0x71a1001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                          000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                      000000007744fc20 2 bytes [77, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                    000000007744fc34 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                000000007744fc38 2 bytes [6E, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                              000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                          000000007744fd64 2 bytes [71, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                            00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                        00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                          00000000774501c0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                      00000000774501c4 2 bytes [7D, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                        0000000077450a40 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                    0000000077450a44 2 bytes [7A, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                      000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                  0000000077451920 2 bytes [6B, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                              0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                          0000000076413b97 2 bytes [68, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                              0000000075ea2c9e 4 bytes {CALL QWORD [RIP+0x71af000a]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendMessageW                                          0000000076b09679 6 bytes {JMP QWORD [RIP+0x718c001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!PostMessageW                                          0000000076b112a5 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!PostMessageA                                          0000000076b13baa 6 bytes {JMP QWORD [RIP+0x7189001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!GetMenu + 412                                          0000000076b151dd 7 bytes JMP 000000011003ac50
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!PeekMessageA + 407                                    0000000076b1610b 7 bytes JMP 000000011003b000
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendMessageA                                          0000000076b1612e 6 bytes {JMP QWORD [RIP+0x718f001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131                      0000000076b1c6c1 7 bytes JMP 000000011003abc0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendInput                                              0000000076b2ff4a 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendInput + 4                                          0000000076b2ff4e 2 bytes [92, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA + 199                              0000000076b5fc98 7 bytes JMP 000000011003af50
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW + 52                              0000000076b5fcd1 7 bytes JMP 000000011003adf0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!MessageBoxExA + 31                                    0000000076b5fcf5 7 bytes JMP 000000011003af00
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!mouse_event                                            0000000076b6027b 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!keybd_event                                            0000000076b602bf 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text  C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe[8700] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                        0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe[8700] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                    0000000076413b97 2 bytes [7A, 71]
.text  C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe[9012] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                    000007fefd3fa6f5 3 bytes CALL 0
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                  000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4              000000007744fc20 2 bytes [89, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile          000000007744fc34 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4      000000007744fc38 2 bytes [80, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                    000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                000000007744fd64 2 bytes [83, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                  00000000774500b0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4              00000000774500b4 2 bytes [86, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                  00000000774501c0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4              00000000774501c4 2 bytes [8F, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey              0000000077450a40 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4          0000000077450a44 2 bytes [8C, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread            000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4        0000000077451920 2 bytes [7D, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW      0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4  0000000076413b97 2 bytes [7A, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493      0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendMessageW                  0000000076b09679 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!PostMessageW                  0000000076b112a5 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!PostMessageA                  0000000076b13baa 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendMessageA                  0000000076b1612e 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendInput                    0000000076b2ff4a 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendInput + 4                0000000076b2ff4e 2 bytes [A4, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!mouse_event                  0000000076b6027b 6 bytes {JMP QWORD [RIP+0x71aa001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!keybd_event                  0000000076b602bf 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                          000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                      000000007744fc20 2 bytes [77, 71]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                    000000007744fc34 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                000000007744fc38 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                              000000007744fd60 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                          000000007744fd64 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                            00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                        00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                          00000000774501c0 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                      00000000774501c4 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                        0000000077450a40 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                    0000000077450a44 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                      000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                  0000000077451920 2 bytes [6B, 71]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                              0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                          0000000076413b97 2 bytes [68, 71]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                0000000075ee575a 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!connect                                                0000000075ee6bdd 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!listen                                                0000000075eeb001 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!WSAConnect                                            0000000075eecc3f 6 bytes {JMP QWORD [RIP+0x71a1001e]}
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                    000000007744fc1c 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                000000007744fc20 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                              000000007744fc34 3 bytes JMP 7166000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                          000000007744fc38 2 bytes JMP 7166000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                        000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                    000000007744fd64 2 bytes [68, 71]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                      00000000774500b0 3 bytes JMP 716c000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                  00000000774500b4 2 bytes JMP 716c000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                    00000000774501c0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                00000000774501c4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                  0000000077450a40 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                              0000000077450a44 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                            0000000077451920 2 bytes [62, 71]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                        0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                    0000000076413b97 2 bytes [5F, 71]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                          0000000075ee575a 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!connect                                          0000000075ee6bdd 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!listen                                          0000000075eeb001 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!WSAConnect                                      0000000075eecc3f 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                        000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                    000000007744fc20 2 bytes [89, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                000000007744fc34 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                            000000007744fc38 2 bytes [80, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                          000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                      000000007744fd64 2 bytes [83, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                        00000000774500b0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                    00000000774500b4 2 bytes [86, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                        00000000774501c0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                    00000000774501c4 2 bytes [8F, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                    0000000077450a40 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                0000000077450a44 2 bytes [8C, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                  000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                              0000000077451920 2 bytes [7D, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW                            0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4                        0000000076413b97 2 bytes [7A, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                            0000000075ea2c9e 4 bytes {CALL QWORD [RIP+0x71af000a]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              000000007729de30 6 bytes {JMP QWORD [RIP+0x8ea2200]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                        000000007729de40 6 bytes {JMP QWORD [RIP+0x8f021f0]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                  000000007729df00 6 bytes {JMP QWORD [RIP+0x8ee2130]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                000000007729e120 6 bytes {JMP QWORD [RIP+0x8ec1f10]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                              000000007729e1d0 6 bytes {JMP QWORD [RIP+0x8e61e60]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                            000000007729e760 6 bytes {JMP QWORD [RIP+0x8e818d0]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          000000007729f100 6 bytes {JMP QWORD [RIP+0x8f20f30]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                  000000007714dbc0 6 bytes {JMP QWORD [RIP+0x9092470]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                  000007fefd3fa6f5 3 bytes [15, 59, 49]
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!WSALookupServiceBeginW                                    000007fefe063030 6 bytes {JMP QWORD [RIP+0x158d000]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!connect + 1                                                000007fefe0645c1 5 bytes {JMP QWORD [RIP+0x152ba70]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!listen                                                    000007fefe068290 6 bytes {JMP QWORD [RIP+0x1567da0]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!WSAConnect                                                000007fefe08e0f0 6 bytes {JMP QWORD [RIP+0x1521f40]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\RASAPI32.dll!RasDialW + 1                                            000007fefa8a96f5 5 bytes {JMP QWORD [RIP+0x7693c]}
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                              000000007744fc1c 3 bytes JMP 7178000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                          000000007744fc20 2 bytes JMP 7178000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                      000000007744fc34 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                  000000007744fc38 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                000000007744fd60 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                            000000007744fd64 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                              00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                          00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                              00000000774501c0 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                          00000000774501c4 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                          0000000077450a40 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                      0000000077450a44 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                        000000007745191c 3 bytes JMP 716c000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                    0000000077451920 2 bytes JMP 716c000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                                  0000000076413b93 3 bytes JMP 7169000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                              0000000076413b97 2 bytes JMP 7169000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                  0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendMessageW                                              0000000076b09679 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!PostMessageW                                              0000000076b112a5 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!PostMessageA                                              0000000076b13baa 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendMessageA                                              0000000076b1612e 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendInput                                                0000000076b2ff4a 3 bytes JMP 7193000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendInput + 4                                            0000000076b2ff4e 2 bytes JMP 7193000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!mouse_event                                              0000000076b6027b 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\USER32.dll!keybd_event                                              0000000076b602bf 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                          0000000076a170c4 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                          0000000076a33264 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                    0000000075ee575a 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!connect                                                  0000000075ee6bdd 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!listen                                                    0000000075eeb001 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!WSAConnect                                                0000000075eecc3f 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                  0000000075211401 2 bytes JMP 7642b1ef C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                    0000000075211419 2 bytes JMP 7642b31a C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                  0000000075211431 2 bytes JMP 764a8f09 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                  000000007521144a 2 bytes CALL 76404885 C:\windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000752114dd 2 bytes JMP 764a8802 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                              00000000752114f5 2 bytes JMP 764a89d8 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    000000007521150d 2 bytes JMP 764a86f8 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                              0000000075211525 2 bytes JMP 764a8ac2 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                    000000007521153d 2 bytes JMP 7641fc78 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        0000000075211555 2 bytes JMP 764268bf C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                  000000007521156d 2 bytes JMP 764a8fc1 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                    0000000075211585 2 bytes JMP 764a8b22 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      000000007521159d 2 bytes JMP 764a86bc C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                    00000000752115b5 2 bytes JMP 7641fd11 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                  00000000752115cd 2 bytes JMP 7642b2b0 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                              00000000752116b2 2 bytes JMP 764a8e84 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                              00000000752116bd 2 bytes JMP 764a8651 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                        000000007744fc1c 3 bytes JMP 718a000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                    000000007744fc20 2 bytes JMP 718a000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                  000000007744fc34 3 bytes JMP 7181000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4              000000007744fc38 2 bytes JMP 7181000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                            000000007744fd60 3 bytes JMP 7184000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                        000000007744fd64 2 bytes JMP 7184000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                          00000000774500b0 3 bytes JMP 7187000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                      00000000774500b4 2 bytes JMP 7187000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                        00000000774501c0 3 bytes JMP 7190000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                    00000000774501c4 2 bytes JMP 7190000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                      0000000077450a40 3 bytes JMP 718d000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                  0000000077450a44 2 bytes JMP 718d000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                    000000007745191c 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                0000000077451920 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW            0000000076413b93 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4        0000000076413b97 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493            0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendMessageW                        0000000076b09679 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!PostMessageW                        0000000076b112a5 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!PostMessageA                        0000000076b13baa 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendMessageA                        0000000076b1612e 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendInput                            0000000076b2ff4a 3 bytes JMP 71a5000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendInput + 4                        0000000076b2ff4e 2 bytes JMP 71a5000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!mouse_event                          0000000076b6027b 6 bytes JMP 71ab000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!keybd_event                          0000000076b602bf 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                    0000000076a170c4 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                    0000000076a33264 6 bytes JMP 7196000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                  000000007744fc1c 3 bytes JMP 718a000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                              000000007744fc20 2 bytes JMP 718a000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                            000000007744fc34 3 bytes JMP 7181000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                        000000007744fc38 2 bytes JMP 7181000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                      000000007744fd60 3 bytes JMP 7184000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                  000000007744fd64 2 bytes JMP 7184000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                    00000000774500b0 3 bytes JMP 7187000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                00000000774500b4 2 bytes JMP 7187000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                  00000000774501c0 3 bytes JMP 7190000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                              00000000774501c4 2 bytes JMP 7190000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                0000000077450a40 3 bytes JMP 718d000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                            0000000077450a44 2 bytes JMP 718d000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                                              000000007745191c 3 bytes JMP 717e000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                          0000000077451920 2 bytes JMP 717e000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                                                      0000000076413b93 3 bytes JMP 717b000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                                  0000000076413b97 2 bytes JMP 717b000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                      0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendMessageW                                                                  0000000076b09679 6 bytes JMP 719f000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!PostMessageW                                                                  0000000076b112a5 6 bytes JMP 7199000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!PostMessageA                                                                  0000000076b13baa 6 bytes JMP 719c000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendMessageA                                                                  0000000076b1612e 6 bytes JMP 71a2000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendInput                                                                      0000000076b2ff4a 3 bytes JMP 71a5000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendInput + 4                                                                  0000000076b2ff4e 2 bytes JMP 71a5000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!mouse_event                                                                    0000000076b6027b 6 bytes JMP 71ab000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!keybd_event                                                                    0000000076b602bf 6 bytes JMP 71a8000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                              0000000076a170c4 6 bytes JMP 7193000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                              0000000076a33264 6 bytes JMP 7196000a

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69@001891615130                                                                  0x4E 0xF5 0x71 0xF9 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69@001a45be5960                                                                  0xA1 0xA9 0x4D 0x66 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69@0016b8f80bac                                                                  0xC0 0x21 0xB3 0x59 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69 (not active ControlSet)                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69@001891615130                                                                      0x4E 0xF5 0x71 0xF9 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69@001a45be5960                                                                      0xA1 0xA9 0x4D 0x66 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69@0016b8f80bac                                                                      0xC0 0x21 0xB3 0x59 ...

---- EOF - GMER 2.1 ----

M-K-D-B 18.04.2015 20:53
Servus,


wir beginnen mit ComboFix:


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

NoMW! 18.04.2015 23:02
Hallo Matthias,

McAffee schickt ComboFix.exe sofort in Quarantäne, weil er den Trojaner Artemis!D84537E13089 erkannt haben will. Ist dieser Link hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe der Richtige.
Muss ich den Virenscanner vorher deaktivieren?

Viele Grüße

M-K-D-B 19.04.2015 11:42
Zitat:
Zitat von NoMW! (Beitrag 1456959)
McAffee schickt ComboFix.exe sofort in Quarantäne, weil er den Trojaner Artemis!D84537E13089 erkannt haben will. Ist dieser Link hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe der Richtige.
Muss ich den Virenscanner vorher deaktivieren?
Ja, bitte den Virenscanner vorher deaktivieren.
Das ist nämlich ein Fehlalarm von McAfee.

NoMW! 19.04.2015 12:56
Hallo Matthias,

ich finde es großartig, dass du dich auch am Sonntag mit meinem Problem befasst.

Das Programm hat moniert, dass Spybot noch aktiv war. Da ich nicht herausfand, wie er zu deaktivieren ist, habe ich ihn deinstalliert. Jedoch keinen Restart durchgeführt.


Code:
ComboFix 15-04-16.01 - kami 19.04.2015  13:15:45.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.5935.2117 [GMT 2:00]
ausgeführt von:: c:\users\kami\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\programdata\1&1
c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml
C:\Thumbs.db
c:\users\kami\AppData\Local\assembly\tmp
c:\users\kami\AppData\Roaming\1&1
c:\users\kami\AppData\Roaming\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\users\kami\AppData\Roaming\Microsoft\Windows\Recent\Rechnung_Hornbach_7201808198_140213_red.pdf
c:\windows\IsUn0407.exe
c:\windows\ST6UNST.000
c:\windows\wininit.ini
G:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-03-19 bis 2015-04-19  ))))))))))))))))))))))))))))))
.
.
2015-04-19 11:30 . 2015-04-19 11:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-04-18 15:09 . 2015-04-18 16:05        --------        d-----w-        C:\FRST
2015-04-16 07:47 . 2015-04-16 07:47        --------        d-----w-        c:\program files (x86)\Sonos
2015-04-16 07:33 . 2015-03-23 03:24        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-04-16 07:32 . 2015-03-17 05:22        5557696        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-04-16 07:31 . 2015-04-18 08:46        --------        d-----w-        c:\programdata\Sonos,_Inc
2015-04-16 07:30 . 2015-03-10 03:25        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2015-04-16 07:30 . 2015-03-10 03:08        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll
2015-04-16 07:30 . 2015-03-10 03:21        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2015-04-16 07:30 . 2015-03-10 03:05        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2015-04-16 07:29 . 2015-02-25 03:18        754688        ----a-w-        c:\windows\system32\drivers\http.sys
2015-04-16 07:19 . 2015-04-16 07:19        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-04-14 10:15 . 2015-04-14 10:15        --------        d-----w-        c:\users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 10:03 . 2015-04-14 10:03        --------        d-----w-        c:\users\kami\AppData\Roaming\WDC
2015-04-14 10:02 . 2015-04-16 07:17        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-13 20:52 . 2015-04-13 20:52        --------        d-----w-        c:\programdata\launcher
2015-04-13 20:21 . 2015-04-13 20:21        --------        d-----w-        c:\programdata\rmbwizard
2015-04-13 16:29 . 2015-04-13 17:32        --------        d-----w-        c:\users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 16:20 . 2015-04-13 16:20        --------        d-----w-        c:\program files\Western Digital
2015-04-13 16:20 . 2015-04-13 16:20        --------        d-----w-        c:\program files\Common Files\Western Digital
2015-04-13 16:13 . 2015-04-14 10:15        --------        d-----w-        c:\program files (x86)\Western Digital
2015-04-13 16:13 . 2015-04-13 16:13        --------        d-----w-        c:\program files (x86)\Common Files\Western Digital
2015-04-13 10:24 . 2015-04-13 14:12        --------        d-----w-        c:\program files (x86)\PDF24
2015-04-13 09:58 . 2015-04-13 09:58        --------        d-----w-        c:\program files (x86)\Glarysoft
2015-04-11 18:08 . 2015-04-11 18:08        --------        d-----w-        c:\program files\Bonjour Print Services
2015-04-11 18:02 . 2015-04-13 16:20        --------        d-----w-        c:\programdata\Western Digital
2015-04-11 17:33 . 2015-04-13 16:29        --------        d-----w-        c:\users\kami\AppData\Local\Western Digital
2015-04-10 09:35 . 2015-04-10 09:35        --------        d-----w-        c:\users\kami\Neuer Ordner
2015-04-09 23:59 . 2015-04-09 23:59        --------        d-----w-        c:\program files\Paragon Software
2015-04-09 23:54 . 2015-04-09 23:54        --------        d-----w-        c:\programdata\explauncher
2015-04-09 19:03 . 2015-04-09 19:03        --------        d-----w-        c:\programdata\Emsisoft
2015-04-09 00:29 . 2015-04-09 00:29        --------        d-----w-        c:\program files (x86)\Avira
2015-04-08 23:55 . 2015-04-16 07:17        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-08 23:55 . 2015-04-16 07:17        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-08 23:22 . 2015-04-19 08:01        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware
2015-04-08 23:13 . 2015-04-09 07:12        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-08 23:08 . 2015-04-08 23:44        --------        d-----w-        c:\users\kami\Entmister-SW
2015-04-08 17:32 . 2015-04-08 17:32        --------        d-----w-        c:\programdata\Sony
2015-04-08 13:16 . 2015-04-08 13:16        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2015-04-08 07:38 . 2015-04-08 07:38        --------        d-----w-        c:\users\kami\VirtualBox VMs
2015-04-08 07:27 . 2015-04-13 14:03        --------        d-----w-        c:\users\kami\.VirtualBox
2015-04-08 07:25 . 2015-03-16 15:36        922704        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2015-04-08 07:24 . 2015-03-16 15:35        128592        ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys
2015-04-08 07:24 . 2015-04-08 07:24        --------        d-----w-        c:\program files\Oracle
2015-04-08 00:22 . 2015-04-08 00:22        --------        d-----w-        c:\users\kami\AppData\Local\BVRP Software
2015-04-07 19:15 . 2015-04-19 11:12        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2015-04-07 19:15 . 2015-04-19 11:12        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2015-04-07 19:09 . 2015-04-07 19:14        --------        d-----w-        c:\program files\CCleaner
2015-04-07 18:20 . 2015-04-07 18:41        --------        d-----w-        c:\programdata\HitmanPro
2015-04-06 11:21 . 2015-04-07 09:36        --------        d-----w-        c:\windows\system32\log
2015-04-04 10:49 . 2015-04-04 10:49        --------        d-s---w-        c:\windows\SysWow64\GWX
2015-04-04 10:49 . 2015-04-04 10:49        --------        d-s---w-        c:\windows\system32\GWX
2015-04-03 01:31 . 2015-04-03 01:31        --------        d-----w-        c:\users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 01:31 . 2015-03-12 09:59        373864        ----a-w-        c:\windows\system32\LavasoftTcpService64.dll
2015-04-03 01:31 . 2015-03-12 09:58        326288        ----a-w-        c:\windows\SysWow64\LavasoftTcpService.dll
2015-04-02 20:13 . 2015-04-19 09:28        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-02 20:12 . 2015-04-02 20:12        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-02 20:12 . 2015-04-02 20:12        --------        d-----w-        c:\programdata\Malwarebytes
2015-04-02 20:12 . 2015-03-17 04:15        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-04-02 20:12 . 2015-03-17 04:15        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-04-02 20:12 . 2015-03-17 04:15        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-18 15:19 . 2013-08-20 20:07        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-04-18 15:19 . 2013-08-20 20:07        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-04-18 15:19 . 2013-08-06 16:23        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-04-16 07:34 . 2010-12-05 16:07        128913832        ----a-w-        c:\windows\system32\MRT.exe
2015-04-13 14:37 . 2013-08-06 16:23        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-04-13 14:37 . 2013-08-06 16:23        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-04-12 10:53 . 2013-08-20 20:07        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-03-17 04:56 . 2015-04-16 07:32        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-03-16 15:35 . 2015-03-16 15:35        204264        ----a-w-        c:\windows\system32\VBoxNetFltNobj.dll
2015-03-16 15:35 . 2015-03-16 15:35        156360        ----a-w-        c:\windows\system32\drivers\VBoxNetFlt.sys
2015-03-16 15:35 . 2015-03-16 15:35        141440        ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys
2015-02-26 03:25 . 2015-03-11 08:57        3204096        ----a-w-        c:\windows\system32\win32k.sys
2015-02-20 04:41 . 2015-03-11 08:59        41984        ----a-w-        c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 08:59        100864        ----a-w-        c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 08:59        14336        ----a-w-        c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 08:59        46080        ----a-w-        c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 08:59        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 08:59        10240        ----a-w-        c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 08:59        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 08:59        25600        ----a-w-        c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 08:59        372224        ----a-w-        c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 08:59        299008        ----a-w-        c:\windows\SysWow64\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 08:57        14177280        ----a-w-        c:\windows\system32\shell32.dll
2015-02-04 10:23 . 2015-02-04 10:23        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13        869536        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 08:55        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 08:55        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 08:58        693176        ----a-w-        c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 08:58        94656        ----a-w-        c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 08:58        616360        ----a-w-        c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 08:59        14632960        ----a-w-        c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 08:59        782848        ----a-w-        c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 08:58        229376        ----a-w-        c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 08:57        1424896        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 08:57        215552        ----a-w-        c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 08:58        5120        ----a-w-        c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 08:58        5120        ----a-w-        c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 08:58        63488        ----a-w-        c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 08:59        1574400        ----a-w-        c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 08:58        500224        ----a-w-        c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 08:58        371712        ----a-w-        c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 08:58        188416        ----a-w-        c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 08:58        37376        ----a-w-        c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 08:58        9728        ----a-w-        c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 08:58        641024        ----a-w-        c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 08:58        325632        ----a-w-        c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 08:58        11264        ----a-w-        c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 08:58        432128        ----a-w-        c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 08:58        4121600        ----a-w-        c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 08:58        206848        ----a-w-        c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 08:59        631808        ----a-w-        c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 08:58        284672        ----a-w-        c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 08:59        1202176        ----a-w-        c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 08:59        497664        ----a-w-        c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 08:59        1480192        ----a-w-        c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 08:58        1069056        ----a-w-        c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 08:58        82432        ----a-w-        c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 08:58        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 08:58        187904        ----a-w-        c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 08:59        842240        ----a-w-        c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 08:58        680960        ----a-w-        c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 08:58        296448        ----a-w-        c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 08:58        440832        ----a-w-        c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 08:58        32256        ----a-w-        c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 08:58        58880        ----a-w-        c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 08:58        55808        ----a-w-        c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 08:58        9728        ----a-w-        c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 08:58        11264        ----a-w-        c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 08:58        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 08:58        126464        ----a-w-        c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 08:58        146944        ----a-w-        c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 08:58        17920        ----a-w-        c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 08:58        12625920        ----a-w-        c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 08:58        8704        ----a-w-        c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 08:58        2048        ----a-w-        c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 08:59        663552        ----a-w-        c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 08:59        617984        ----a-w-        c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 08:58        179200        ----a-w-        c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 08:57        1230848        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 08:57        171520        ----a-w-        c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 08:58        4096        ----a-w-        c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 08:58        4096        ----a-w-        c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 08:58        1329664        ----a-w-        c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 08:58        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 08:58        442880        ----a-w-        c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 08:58        8192        ----a-w-        c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 08:58        504320        ----a-w-        c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 08:58        265216        ----a-w-        c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 08:59        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 08:58        354816        ----a-w-        c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 08:58        103424        ----a-w-        c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 08:58        489984        ----a-w-        c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 08:59        988160        ----a-w-        c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 08:59        406016        ----a-w-        c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 08:59        1174528        ----a-w-        c:\windows\SysWow64\crypt32.dll
2015-02-03 03:12 . 2015-03-11 08:58        1005056        ----a-w-        c:\windows\SysWow64\cryptui.dll
2015-02-03 03:12 . 2015-03-11 08:58        81408        ----a-w-        c:\windows\SysWow64\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 08:58        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2015-02-03 03:12 . 2015-03-11 08:58        143872        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:47        868352        ----a-w-        c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"1&1_1&1 Office-Drive Manager"="c:\program files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" [2012-09-24 993392]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-11-27 466144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Connection Manager.exe"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2010-03-13 1119048]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-02-12 5564784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]
"{90120000-0017-0000-0000-0000000FF1CE}"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-2-4 1726976]
Image Transfer.lnk - c:\program files (x86)\Sony Corporation\Image Transfer\SonyTray.exe [2011-3-29 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
Quicken Jubiläumsversion Zahlungserinnerung.lnk - c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe [2012-7-11 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
R1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
R1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vtigercrmMysql530;vtigercrmMysql530;c:\program files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt --defaults-file=c:\program files (x86)\vtigercrm-5.3.0\mysql\my.ini vtigercrmMysql530;c:\program files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt --defaults-file=c:\program files (x86)\vtigercrm-5.3.0\mysql\my.ini vtigercrmMysql530 [x]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe;c:\xampp\service.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 BioNTDrv;BioNTDrv;c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS;c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS;c:\windows\SYSNATIVE\DRIVERS\PA707UCM.SYS [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys;c:\windows\SYSNATIVE\drivers\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfat.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 RsvLock;RsvLock; [x]
S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys;c:\windows\SYSNATIVE\DRIVERS\ui11drdr.sys [x]
S1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\DRIVERS\uim_devim.sys;c:\windows\SYSNATIVE\DRIVERS\uim_devim.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HRService;Haufe iDesk-Service in c:\program files (x86)\Haufe\iDesk\iDeskService\Zope;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\MCAFEE\MSC\MCAPEXE.EXE;c:\program files\MCAFEE\MSC\MCAPEXE.EXE [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SMManager;HP Connection Manager Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 vtigercrmApache530;vtigercrmApache530;c:\program files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe;c:\program files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfilterhp2k.sys [x]
S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys;c:\windows\SYSNATIVE\DRIVERS\qcombushp.sys [x]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnethp2k.sys [x]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserhp2k.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 10:46        454176        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-08 07:17]
.
2015-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:46]
.
2015-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:46]
.
2015-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:46]
.
2015-04-18 c:\windows\Tasks\HPCeeScheduleForkami.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:48        944128        ----a-w-        c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\kami\AppData\Local\Temp\ie_script.htm
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: NameServer = 192.168.178.1
TCP: Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}\44865696D6E4F6274613D234: NameServer = 192.168.178.1
TCP: Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: NameServer = 192.168.178.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Wow6432Node-HKU-Default-Run-GarminExpressTrayApp - c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{5CCF8330-F742-411A-8A04-719806D168B5} - msiexec
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-Onboard - c:\program files\Western Digital\WD SmartWare\BackupTask.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
AddRemove-vtigercrm-5.3.0 - c:\vais gmbh\CRM\vtigercrm-5.3.0\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vtigercrmMysql530]
"ImagePath"="\"c:\program files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files (x86)\vtigercrm-5.3.0\mysql\my.ini\" vtigercrmMysql530"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸\XÈ^*]
@="?\\?^"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸“*]
@="??"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\(g*]
@="?g"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Hsc*PKx*]
@="?c?x"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸uc*]
@="?c"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸uc*Â^*]
@="?c?^"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆwd*ðUa*]
@="?d?a"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\(xc*]
@="?c"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\(xc*PKx*]
@="?c?x"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Àxd**¼a*]
@="?d?a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-19  13:35:55
ComboFix-quarantined-files.txt  2015-04-19 11:35
.
Vor Suchlauf: 45 Verzeichnis(se), 100.407.566.336 Bytes frei
Nach Suchlauf: 53 Verzeichnis(se), 100.163.768.320 Bytes frei
.
- - End Of File - - 5377157AA4FC1CF5FA41DFCC136BEDC8
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B 19.04.2015 13:19
Servus,


gut gemacht.


So geht es weiter:



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

NoMW! 19.04.2015 23:43
Hallo Matthias,

vielen Dank für die ausführliche Anleitung. Es ist alles gut durchgelaufen bis auf FRST.exe. Da blieb das Fenster wieder 2x mit der FM "Getting Office Sessions errors: 4131 stehen. Die txt-Dateien wurden aber erzeugt.

Ich wünsche dir einen guten Start in die neue Woche.

Gruß
Karl

Schritt 1:
Code:
# AdwCleaner v4.201 - Bericht erstellt 19/04/2015 um 22:27:06
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-19.4 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : kami - BETA
# Gestarted von : C:\Users\kami\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : iSafeKrnlBoot
[#] Dienst Gelöscht : iSafeKrnlKit
[#] Dienst Gelöscht : iSafeKrnlMon
[#] Dienst Gelöscht : iSafeKrnlR3

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\kami\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\o0kjmvy6.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\o0kjmvy6.default\searchplugins\11-suche.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Local AppWizard-Generated Applications
Schlüssel Gelöscht : HKLM\SOFTWARE\Elex-tech
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Elex-tech

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17296


-\\ Mozilla Firefox v37.0.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [89123 Bytes] - [30/12/2013 15:56:07]
AdwCleaner[R1].txt - [10702 Bytes] - [27/08/2014 11:08:06]
AdwCleaner[R2].txt - [9275 Bytes] - [02/04/2015 19:00:51]
AdwCleaner[R3].txt - [9351 Bytes] - [02/04/2015 21:06:24]
AdwCleaner[R4].txt - [9407 Bytes] - [02/04/2015 21:15:07]
AdwCleaner[R5].txt - [1455 Bytes] - [02/04/2015 21:55:14]
AdwCleaner[R6].txt - [2944 Bytes] - [07/04/2015 11:32:15]
AdwCleaner[R7].txt - [2595 Bytes] - [19/04/2015 22:03:20]
AdwCleaner[S0].txt - [86279 Bytes] - [30/12/2013 15:59:16]
AdwCleaner[S1].txt - [10265 Bytes] - [27/08/2014 11:13:02]
AdwCleaner[S2].txt - [9313 Bytes] - [02/04/2015 21:39:15]
AdwCleaner[S3].txt - [2820 Bytes] - [07/04/2015 11:34:59]
AdwCleaner[S4].txt - [2282 Bytes] - [19/04/2015 22:27:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2341  Bytes] ##########
Schritt 2:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 22:40:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: kami

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 595005
Verstrichene Zeit: 36 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Schritt 3:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows 7 Professional x64
Ran by kami on 19.04.2015 at 23:34:01,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{c3c77255-42c0-499f-b664-6e981a0b1647}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\kami\AppData\Roaming\getrighttogo
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{13061807-DBAA-4FC1-A714-07CBEF1EAB22}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{1B4E616E-9EF9-4711-8D1C-7576B35C1412}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{3A2E388D-7420-4BEA-BAAD-8FDC2A22511F}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{405111D2-E336-4C6D-ABD7-9CABAA0BE822}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{56EE0AB5-DB26-4410-9F71-C953B35C29B3}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{8C5DC509-7EA5-4DC7-95E7-F3DB27346B9B}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{D13E9120-FE5C-4831-B480-D193789502AD}





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2015 at 23:37:18,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Schritt 4_FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by kami (administrator) on BETA on 19-04-2015 23:56:34
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C-Dilla Ltd) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [1&1_1&1 Office-Drive Manager] => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE [993392 2012-09-24] (1&1 Internet AG)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-0017-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer.lnk
ShortcutTarget: Image Transfer.lnk -> C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler: haufereader - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2010-11-01] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-10-22] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2011-04-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-11]
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-27]
CHR Extension: (Google Wallet) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
S2 Apache2.2; c:\xampp\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 C-DillaCdaC11BA; C:\windows\SysWOW64\drivers\CDAC11BA.EXE [39936 2010-12-14] (C-Dilla Ltd) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
S2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2012-01-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\PROGRAM FILES\MCAFEE\MSC\MCAPEXE.EXE [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mysql; c:\xampp\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
S2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [376808 2007-06-29] (XIMETA, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.)
S2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]
S2 vtigercrmApache530; C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [20541 2009-05-08] (Apache Software Foundation) [File not signed]
S2 vtigercrmMysql530; C:\Program Files (x86)\vtigercrm-5.3.0\mysql\my.ini [2994 2012-02-14] () [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XAMPP; c:\xampp\service.exe [60928 2007-12-21] () [File not signed]
S2 HPSLPSVC; C:\Users\kami\AppData\Local\Temp\7zS03A3\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-01] (Google Inc)
S3 BioNTDrv; C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-04-09] (Bytemobile, Inc.) [File not signed]
S2 CdaC15BA; C:\windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-01-05] () [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [419840 2010-12-31] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [339944 2007-06-29] (XIMETA, Inc.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 lpx; C:\Windows\System32\DRIVERS\lpx.sys [97256 2007-06-29] (XIMETA, Inc.)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R3 ndasbus; C:\Windows\System32\DRIVERS\ndasbus.sys [108520 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\windows\system32\DRIVERS\ndasfat.sys [537064 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\DRIVERS\ndasscsi.sys [235496 2007-06-29] (XIMETA, Inc.)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
R3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-01-19] ()
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2011-04-09] (Bytemobile, Inc.) [File not signed]
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 23:54 - 2015-04-19 23:54 - 00001866 _____ () C:\Users\kami\Desktop\JRT_1.txt
2015-04-19 23:37 - 2015-04-19 23:37 - 00001866 _____ () C:\Users\kami\Desktop\JRT.txt
2015-04-19 23:34 - 2015-04-19 23:34 - 00000207 _____ () C:\windows\tweaking.com-regbackup-BETA-Windows-7-Professional-(64-bit).dat
2015-04-19 23:34 - 2015-04-19 23:34 - 00000000 ____D () C:\RegBackup
2015-04-19 23:32 - 2015-04-19 23:32 - 00001206 _____ () C:\Users\kami\Desktop\mbam.txt
2015-04-19 22:40 - 2015-04-19 22:40 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 22:40 - 2015-04-19 22:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-19 22:40 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-19 22:37 - 2015-04-19 22:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\kami\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-19 22:36 - 2015-04-19 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-19 22:32 - 2015-04-19 22:32 - 00002421 _____ () C:\Users\kami\Desktop\AdwCleaner[S4].txt
2015-04-19 21:55 - 2015-04-19 21:55 - 02686254 _____ (Thisisu) C:\Users\kami\Desktop\JRT.exe
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\Users\kami\AppData\Roaming\1&1
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\ProgramData\1&1
2015-04-19 13:35 - 2015-04-19 13:35 - 00052136 _____ () C:\ComboFix.txt
2015-04-19 13:12 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 13:12 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 13:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 13:08 - 2015-04-19 13:36 - 00000000 ____D () C:\Qoobox
2015-04-19 13:07 - 2015-04-19 13:32 - 00000000 ____D () C:\windows\erdnt
2015-04-19 10:45 - 2015-04-19 10:45 - 02217984 _____ () C:\Users\kami\Desktop\AdwCleaner_4.201.exe
2015-04-18 18:51 - 2015-04-18 18:51 - 00000000 ____D () C:\Users\kami\Documents\ProcAlyzer Dumps
2015-04-18 18:41 - 2015-04-18 18:41 - 00059728 _____ () C:\Users\kami\Desktop\Gmer.txt
2015-04-18 18:05 - 2015-04-18 18:05 - 00092155 _____ () C:\Users\kami\Desktop\FRST_a.txt
2015-04-18 18:00 - 2015-04-18 18:00 - 00000000 ____D () C:\Users\kami\Desktop\FRST-OlderVersion
2015-04-18 17:23 - 2015-04-18 17:23 - 00380416 _____ () C:\Users\kami\Desktop\Gmer-19357.exe
2015-04-18 17:11 - 2015-04-19 23:53 - 00058080 _____ () C:\Users\kami\Desktop\Addition.txt
2015-04-18 17:09 - 2015-04-19 23:56 - 00030359 _____ () C:\Users\kami\Desktop\FRST.txt
2015-04-18 17:09 - 2015-04-19 23:56 - 00000000 ____D () C:\FRST
2015-04-18 17:07 - 2015-04-18 17:08 - 00000470 _____ () C:\Users\kami\Desktop\defogger_disable.log
2015-04-18 17:07 - 2015-04-18 17:07 - 00000000 _____ () C:\Users\kami\defogger_reenable
2015-04-18 17:05 - 2015-04-18 17:05 - 00050477 _____ () C:\Users\kami\Downloads\Defogger.exe
2015-04-18 12:24 - 2015-04-18 11:52 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-122415.backup
2015-04-17 18:03 - 2015-04-17 18:03 - 00050477 _____ () C:\Users\kami\Desktop\Defogger.exe
2015-04-17 13:03 - 2015-04-18 18:00 - 02098176 _____ (Farbar) C:\Users\kami\Desktop\FRST64.exe
2015-04-17 11:08 - 2015-04-18 11:49 - 00001983 _____ () C:\Users\kami\Desktop\Malware@firefox.txt
2015-04-16 12:20 - 2015-04-19 23:35 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-04-16 09:47 - 2015-04-16 09:47 - 00001947 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-16 09:34 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-16 09:34 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-16 09:34 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-16 09:34 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-16 09:34 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-16 09:33 - 2015-03-10 07:29 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-16 09:33 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 02656256 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 07:26 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-16 09:33 - 2015-03-10 05:32 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-16 09:33 - 2015-03-10 04:42 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-16 09:33 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-16 09:33 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-16 09:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-16 09:32 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-16 09:32 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-16 09:32 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-16 09:32 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-16 09:32 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-16 09:32 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-16 09:32 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-16 09:32 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:31 - 2015-04-18 10:46 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-16 09:30 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-16 09:30 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-16 09:29 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-16 09:01 - 2015-04-16 09:02 - 00995568 _____ () C:\windows\Minidump\041615-50325-01.dmp
2015-04-16 09:00 - 2015-04-16 09:00 - 876794833 _____ () C:\windows\MEMORY.DMP
2015-04-14 12:15 - 2015-04-14 12:15 - 00001153 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-04-14 12:15 - 2015-04-14 12:15 - 00000000 ____D () C:\Users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 12:14 - 2015-04-14 12:14 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe (WCC4E2EJRERE).url
2015-04-14 12:14 - 2015-04-14 12:14 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard (WCC4E2EJRERE).url
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\Users\kami\AppData\Roaming\WDC
2015-04-14 12:02 - 2015-04-16 09:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-14 11:58 - 2015-04-14 12:00 - 00560552 _____ (Oracle Corporation) C:\Users\kami\Downloads\JavaSetup8u40.exe
2015-04-13 22:52 - 2015-04-13 22:52 - 00000000 ____D () C:\ProgramData\launcher
2015-04-13 22:21 - 2015-04-13 22:21 - 00000000 ____D () C:\ProgramData\rmbwizard
2015-04-13 19:37 - 2015-04-13 19:38 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup.exe
2015-04-13 19:08 - 2015-04-13 19:08 - 00000473 _____ () C:\Users\kami\Downloads\WDMyCloud-20150413-1908.conf
2015-04-13 18:29 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 18:21 - 2015-04-13 18:24 - 247429605 _____ () C:\Users\kami\Downloads\MyNetViewFull_1_0_12_0.zip
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-13 18:13 - 2015-04-13 18:13 - 00001186 _____ () C:\Users\Public\Desktop\WD Discovery.lnk
2015-04-13 16:53 - 2015-04-13 17:00 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup (1).exe
2015-04-13 16:12 - 2015-04-13 16:12 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-13 12:24 - 2015-04-13 16:12 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-04-13 11:59 - 2015-04-13 11:59 - 00001274 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00001262 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-04-13 11:58 - 2015-04-13 11:58 - 04737952 _____ () C:\Users\kami\Downloads\ausetup5.3.1.20.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-04-13 11:46 - 2015-04-13 11:46 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2 (1).exe
2015-04-12 11:34 - 2015-04-12 11:34 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2.exe
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-04-11 20:02 - 2015-04-14 12:14 - 00000204 _____ () C:\Users\kami\Desktop\Lerncenter WD My Cloud.url
2015-04-11 20:02 - 2015-04-13 18:20 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-11 20:02 - 2015-04-11 20:02 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-04-11 20:02 - 2015-04-11 20:02 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard.url
2015-04-11 19:33 - 2015-04-13 18:29 - 00000000 ____D () C:\Users\kami\AppData\Local\Western Digital
2015-04-10 11:35 - 2015-04-10 11:35 - 00000000 ____D () C:\Users\kami\Neuer Ordner
2015-04-10 02:00 - 2015-04-10 02:00 - 00002331 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00002163 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-04-10 01:59 - 2015-04-10 01:59 - 00000000 ____D () C:\Program Files\Paragon Software
2015-04-10 01:54 - 2015-04-10 01:54 - 00000000 ____D () C:\ProgramData\explauncher
2015-04-10 01:32 - 2015-04-10 01:52 - 417659040 _____ () C:\Users\kami\Downloads\br2014Free101.exe
2015-04-09 22:35 - 2015-04-09 22:35 - 00003110 _____ () C:\windows\System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683}
2015-04-09 21:03 - 2015-04-09 21:03 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-09 11:46 - 2015-04-09 11:46 - 00022328 _____ () C:\Users\kami\Downloads\hijackthis.log
2015-04-09 10:51 - 2015-04-09 11:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\kami\Downloads\HijackThis.exe
2015-04-09 02:29 - 2015-04-09 02:29 - 00003432 _____ () C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-09 02:29 - 2015-04-09 02:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 01:55 - 2015-04-19 23:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 01:55 - 2015-04-16 09:17 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-09 01:55 - 2015-04-16 09:17 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-09 01:55 - 2015-04-16 09:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 01:22 - 2015-04-19 10:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-09 01:13 - 2015-04-09 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 01:08 - 2015-04-09 01:44 - 00000000 ____D () C:\Users\kami\Entmister-SW
2015-04-08 23:55 - 2015-04-08 23:55 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kami\Downloads\mbar-1.09.1.1004.exe
2015-04-08 22:25 - 2015-04-08 22:25 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2015-04-08 22:25 - 2015-04-08 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-04-08 19:34 - 2015-04-13 18:20 - 00160620 _____ () C:\windows\DPINST.LOG
2015-04-08 19:32 - 2015-04-08 19:32 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-08 19:32 - 2015-04-08 19:32 - 00000000 ____D () C:\ProgramData\Sony
2015-04-08 19:31 - 2015-04-08 19:31 - 28579392 _____ (Sony Mobile Communications ) C:\Users\kami\Downloads\Sony PC Companion_Web.exe
2015-04-08 15:16 - 2015-04-08 15:21 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Mozilla
2015-04-08 15:16 - 2015-04-08 15:16 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 12:50 - 2015-04-08 12:50 - 00243656 _____ () C:\Users\kami\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-08 11:29 - 2015-04-08 11:29 - 00116528 _____ () C:\Users\kami\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 11:15 - 2015-04-19 22:29 - 00003249 _____ () C:\windows\setupact.log
2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 _____ () C:\windows\setuperr.log
2015-04-08 11:14 - 2015-04-19 19:00 - 00015804 _____ () C:\windows\PFRO.log
2015-04-08 11:14 - 2015-04-08 11:15 - 00439280 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-08 09:38 - 2015-04-08 09:38 - 00000000 ____D () C:\Users\kami\VirtualBox VMs
2015-04-08 09:30 - 2015-04-08 09:30 - 00003144 _____ () C:\windows\System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC}
2015-04-08 09:27 - 2015-04-13 16:03 - 00000000 ____D () C:\Users\kami\.VirtualBox
2015-04-08 09:25 - 2015-04-08 09:29 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-08 09:25 - 2015-04-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-08 09:25 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files\Oracle
2015-04-08 09:24 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-04-08 02:22 - 2015-04-08 02:22 - 00000000 ____D () C:\Users\kami\AppData\Local\BVRP Software
2015-04-07 21:40 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150407-214026.backup
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-04-07 21:15 - 2015-04-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-07 21:15 - 2015-04-19 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-07 21:09 - 2015-04-07 21:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 21:09 - 2015-04-07 21:09 - 00002780 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-04-07 21:09 - 2015-04-07 21:09 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-07 21:09 - 2015-04-07 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-07 20:40 - 2015-04-07 20:40 - 00005684 _____ () C:\windows\system32\.crusader
2015-04-07 20:20 - 2015-04-07 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 13:21 - 2015-04-07 11:36 - 00000000 ____D () C:\windows\system32\log
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-03 19:13 - 2015-04-03 19:13 - 00001373 _____ () C:\Users\kami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-04-03 03:31 - 2015-04-03 03:31 - 00000000 ____D () C:\Users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 03:31 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-04-03 03:31 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-04-03 01:38 - 2015-04-03 01:38 - 00001381 _____ () C:\Users\kami\Desktop\Internet Explorer (64-bit).lnk
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 01:49 - 2015-04-02 17:18 - 00005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-03-24 12:10 - 2015-04-19 23:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 23:53 - 2011-05-11 22:54 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 23:40 - 2014-11-14 09:48 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
2015-04-19 23:35 - 2010-11-13 17:40 - 01774234 _____ () C:\windows\WindowsUpdate.log
2015-04-19 22:40 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 22:40 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 22:37 - 2010-09-12 22:06 - 05535670 _____ () C:\windows\system32\perfh007.dat
2015-04-19 22:37 - 2010-09-12 22:06 - 01713162 _____ () C:\windows\system32\perfc007.dat
2015-04-19 22:37 - 2009-07-14 07:13 - 00006792 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-19 22:36 - 2014-06-11 00:04 - 00001804 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-19 22:30 - 2011-05-11 22:54 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 22:29 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-19 22:27 - 2013-12-30 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-19 13:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-19 13:30 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2015-04-19 13:01 - 2010-12-07 04:02 - 00000000 ____D () C:\Users\kami\Postfach
2015-04-18 18:19 - 2012-03-20 17:11 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Notepad++
2015-04-18 17:07 - 2010-12-02 21:21 - 00000000 ____D () C:\Users\kami
2015-04-18 15:12 - 2010-12-26 11:56 - 00000000 ____D () C:\ProgramData\Lexware
2015-04-18 12:40 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Opera Software
2015-04-18 12:15 - 2014-06-05 15:36 - 00000000 ____D () C:\temp
2015-04-18 11:26 - 2013-02-17 14:56 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForkami
2015-04-18 11:26 - 2013-02-17 14:56 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForkami.job
2015-04-18 01:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-17 22:41 - 2010-12-03 03:23 - 00007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2015-04-17 22:38 - 2011-11-11 23:52 - 00000000 ____D () C:\ProgramData\Avanquest Bluetooth SDK
2015-04-17 18:16 - 2011-05-02 15:09 - 00000000 ____D () C:\Users\kami\Documents\Aktuell
2015-04-17 00:01 - 2011-03-22 23:08 - 00001644 _____ () C:\Users\kami\Desktop\FUS.txt
2015-04-16 23:51 - 2010-12-03 06:13 - 00000000 ____D () C:\windows\rescache
2015-04-16 12:37 - 2010-12-15 14:08 - 00000000 ____D () C:\Users\kami\Documents\Finanzen
2015-04-16 12:20 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2015-04-16 12:14 - 2014-12-11 10:22 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 12:14 - 2014-07-09 13:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 11:40 - 2010-12-06 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 09:44 - 2013-08-15 11:37 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 09:34 - 2010-12-05 18:07 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 09:28 - 2013-10-22 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 09:27 - 2010-12-12 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 09:01 - 2012-10-10 23:49 - 00000000 ____D () C:\windows\Minidump
2015-04-14 12:01 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-13 18:19 - 2013-03-26 12:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 17:36 - 2011-12-28 02:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\HpUpdate
2015-04-13 16:40 - 2010-09-12 22:37 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-13 16:32 - 2012-12-07 17:41 - 00002771 _____ () C:\Users\Public\Desktop\Lexware buchhalter.lnk
2015-04-13 16:32 - 2010-12-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-13 14:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-12 11:55 - 2011-06-21 00:16 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-04-12 11:37 - 2012-06-29 08:57 - 00000000 ____D () C:\Users\Hotel
2015-04-12 11:37 - 2012-01-11 18:12 - 00000000 ____D () C:\Users\Vais
2015-04-12 11:37 - 2011-11-20 12:17 - 00000000 ____D () C:\Users\Administrator
2015-04-12 11:37 - 2010-12-13 15:25 - 00000000 ____D () C:\Users\RF
2015-04-10 12:05 - 2011-10-13 10:12 - 00000000 ____D () C:\Users\kami\Documents\Bluetooth Exchange Folder
2015-04-10 03:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2015-04-10 01:56 - 2010-12-02 21:23 - 00000000 ____D () C:\Users\kami\AppData\Local\Downloaded Installations
2015-04-09 21:50 - 2014-12-11 17:04 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-09 01:55 - 2014-08-19 13:20 - 00000000 ____D () C:\Users\kami\AppData\Local\Adobe
2015-04-08 23:27 - 2012-06-29 09:03 - 00000000 ____D () C:\Users\Hotel\AppData\Local\Mozilla
2015-04-08 23:25 - 2012-06-29 08:58 - 00000000 ___RD () C:\Users\Hotel\Virtual Machines
2015-04-08 23:24 - 2015-03-05 18:42 - 00001536 __RSH () C:\Users\Hotel\ntuser.pol
2015-04-08 23:02 - 2011-12-15 21:08 - 00113152 ___SH () C:\Users\kami\Documents\Thumbs.db
2015-04-08 19:34 - 2011-05-25 15:15 - 00000000 ____D () C:\Users\kami\AppData\Local\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-08 19:32 - 2010-09-12 22:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 13:08 - 2013-05-29 20:35 - 00006256 _____ () C:\Users\kami\_viminfo
2015-04-08 09:29 - 2012-01-11 18:14 - 00116528 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2015-04-08 03:53 - 2013-07-08 13:46 - 00000000 ____D () C:\Users\kami\AppData\Roaming\DVDVideoSoft
2015-04-08 03:51 - 2013-08-27 23:00 - 00000000 ____D () C:\Program Files (x86)\IGC
2015-04-08 03:21 - 2014-07-07 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-04-08 03:21 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-08 03:21 - 2013-05-27 13:36 - 00000000 ____D () C:\Users\kami\Desktop\4Trading
2015-04-08 03:21 - 2013-05-27 13:33 - 00000000 ____D () C:\Users\kami\Desktop\4CAD
2015-04-08 03:21 - 2013-05-27 13:30 - 00000000 ____D () C:\Users\kami\Desktop\4Navi
2015-04-08 03:21 - 2011-11-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
2015-04-08 03:21 - 2010-12-03 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-04-08 02:31 - 2013-03-26 17:30 - 00000000 ____D () C:\Users\kami\Documents\Garmin
2015-04-08 02:31 - 2012-06-02 12:42 - 00000000 ____D () C:\Users\kami\AppData\Local\Garmin
2015-04-08 02:31 - 2010-12-09 02:14 - 00000000 ____D () C:\Users\kami\AppData\Roaming\GARMIN
2015-04-08 02:31 - 2010-12-09 01:44 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-08 02:31 - 2010-12-08 23:11 - 00000000 ____D () C:\ProgramData\GARMIN
2015-04-08 02:31 - 2010-12-08 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-08 02:28 - 2013-02-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics
2015-04-08 02:28 - 2011-01-29 11:56 - 00000000 ____D () C:\Program Files (x86)\EasternGraphics
2015-04-08 01:09 - 2010-12-10 01:41 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Dropbox
2015-04-08 00:40 - 2010-12-10 01:43 - 00000000 ___RD () C:\Users\kami\Documents\My Dropbox
2015-04-08 00:13 - 2012-08-29 01:12 - 00000000 ____D () C:\Users\kami\Desktop\Alte Firefox-Daten
2015-04-07 21:40 - 2009-07-14 04:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-115254.backup
2015-04-07 21:12 - 2011-11-02 21:22 - 00000000 ____D () C:\Users\kami\AppData\Roaming\FileZilla
2015-04-07 21:12 - 2011-08-27 21:49 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Skype
2015-04-07 11:40 - 2014-11-09 19:16 - 00000000 ____D () C:\Program Files (x86)\MINEA
2015-04-07 11:18 - 2015-02-15 16:36 - 00000000 ___HD () C:\ProgramData\{5EE865C2-E8FF-4231-A2B8-0188FEFBCE3D}
2015-04-06 12:58 - 2014-12-11 17:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-06 12:06 - 2011-12-14 20:11 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-03 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-03 02:15 - 2013-12-14 12:10 - 00000000 ____D () C:\windows\PAC7311
2015-04-03 02:12 - 2011-11-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-04-02 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2015-04-02 22:24 - 2014-12-22 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psynetic
2015-03-23 15:12 - 2011-11-01 11:58 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2010-12-29 13:54 - 2011-06-15 19:55 - 0001854 _____ () C:\Users\kami\AppData\Roaming\GhostObjGAFix.xml
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2014-07-07 22:50 - 2014-07-07 22:50 - 0038444 _____ () C:\Users\kami\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2014-07-07 22:46 - 2014-07-07 22:46 - 0038441 _____ () C:\Users\kami\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-04-02 01:49 - 2015-04-02 17:18 - 0005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-08 22:13 - 2013-05-08 22:13 - 0004096 ____H () C:\Users\kami\AppData\Local\keyfile3.drm
2010-12-08 03:36 - 2010-12-08 03:50 - 0448206 _____ () C:\Users\kami\AppData\Local\MODup-Log.txt
2010-12-03 03:23 - 2015-04-17 22:41 - 0007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2012-12-20 00:05 - 2012-12-20 00:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-31 12:48 - 2010-12-31 12:48 - 0208552 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-04 12:11 - 2012-11-27 20:04 - 0017022 _____ () C:\ProgramData\hpzinstall.log
2013-01-18 03:59 - 2013-01-18 03:59 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-02-20 23:07 - 2013-02-20 23:07 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\Users\kami\REG4DigiFoto_Hilfedatei.reg


Some content of TEMP:
====================
C:\Users\kami\AppData\Local\Temp\Quarantine.exe
C:\Users\kami\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

NoMW! 19.04.2015 23:45
Nachtrag zu vorhergehendem Post:

Schritt 4_Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by kami at 2015-04-19 23:57:08
Running from C:\Users\kami\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Sprint (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.33417 - ABBYY Software House)
ABBYY FineReader 6.0 (HKLM-x32\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29421 - ABBYY Software House)
Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
ArcSoft PhotoImpression (HKLM-x32\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version:  - )
Avery Wizard 3.1 (HKLM-x32\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
C4340 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CFX Trader (HKLM-x32\...\{AC5E101F-8D42-406B-BFC0-7B906879F705}) (Version: 2.52.12.0 - CFX Broker)
CoP Outlook Plugin (HKLM-x32\...\{CBB9BD2B-C3FA-413F-9913-924EFFCE9CCC}) (Version: 4.11.1 - SMC Software Management Consulting)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP Server (HKLM-x32\...\CoreFTPServer) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.2 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.2 - Sigma Elektro GmbH) Hidden
DDBAC (HKLM-x32\...\{78F6AFE2-A4F3-4AE1-A710-9FD5758C2EB0}) (Version: 5.3.26 - DataDesign)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.9 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doodle Outlook Connector (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\33030675DC63B8C8D12A223C2017505053D50B01) (Version: 1.2.0.0 - Doodle AG)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version:  - )
EPSON Photo Print (HKLM-x32\...\{D379964B-685C-44D5-AE46-C953A9FEEA14}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.4 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Folder Marker v 1.4 (HKLM-x32\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.30 Update (HKLM-x32\...\{BD9FCA8B-7692-42BD-9AF3-88346B436CB0}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT v9 (HKLM-x32\...\{29EA075F-2C61-472F-B01D-80E8D8F023F1}) (Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Geberit ProPlanner 2013 R2 (HKLM-x32\...\{D06C9C18-D361-486A-9E6D-DBAFF1266028}) (Version: 3.3.000 - Geberit Verwaltungs AG)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Formular-Manager (HKLM-x32\...\{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}) (Version: 11.01.03.0001 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{F3A444B0-3BF9-11E1-A2DD-005056B12123}) (Version: 12.01.11.8176 - Haufe)
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart C4340 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{20B8FE13-36FB-47A8-B43C-4BD23B36ADB2}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{5CEE98FB-1963-4662-A780-410DA4533D53}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F48E3}) (Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.1 - Sonix)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Image Transfer (HKLM-x32\...\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}) (Version:  - )
ImageMixer for Sony (HKLM-x32\...\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{1C227C2E-2295-4820-87B1-4B13E98E6C66}) (Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{607D1882-6E4E-4861-BAA3-16B12FA21C73}) (Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
Lexware online banking V 2.39 (HKLM-x32\...\{66017349-81C8-48C3-B0E2-704DB146D70F}) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LTplus architektur (HKLM-x32\...\{8E93D569-667D-4845-A677-B9FC54AFE9F2}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus architektur (HKLM-x32\...\{FAA933B5-F74F-4841-AA49-9735D6DD4256}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus EnEV 2010 (HKLM-x32\...\{BF024BF3-9FE5-4417-AA04-16A5FF937931}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus SketchUP Plugin 7.1 (HKLM-x32\...\LTplus SketchUP Plugin 7.1) (Version: 7.1 - ArchitektenInitiative e.V.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Markets-pro Trading Plattform (HKLM-x32\...\Markets-pro Trading Plattform) (Version: 1.0.0.0 - Information Internet)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}) (Version: 4.0.1679 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
MySQL Workbench 5.2 CE (HKLM-x32\...\{455D9FD3-2AB6-44E0-BF49-B9E13911401A}) (Version: 5.2.38 - Oracle Corporation)
NDAS-Software 3.20.1523 (64-bit Windows) (HKLM\...\{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}) (Version: 3.20.1523 - XIMETA, Inc.)
Netzwerkaufzeichnungs-Player (HKLM-x32\...\{77A9065F-823B-4CDD-B28B-F340B69B62E3}) (Version: 28.4.0.14953 - Cisco WebEx LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
P1670 Referenzhandbuch (HKLM-x32\...\P1670 Referenzhandbuch) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfforge Toolbar v6.6 (HKLM-x32\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
PS_AIO_03_C4340_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}) (Version: 1.1.240 - QUALCOMM)
Quicken 2011 - ServicePack 4 (HKLM-x32\...\{9DC1A9BA-070A-455F-8AC3-62587524ADFB}) (Version: 18.04.00.0123 - Haufe-Lexware GmbH & Co KG)
Quicken DELUXE 2004 (HKLM-x32\...\InstallShield_{00F115CE-9BDD-4729-9122-2476CD02856B}) (Version: 11.00.0000 - Lexware)
Quicken DELUXE 2004 (x32 Version: 11.00.0000 - Lexware) Hidden
Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server Jubiläumsversion (HKLM-x32\...\{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}) (Version: 20.30.00.0099 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Richtig_Kontieren_von_A_Z (HKLM-x32\...\{83F8B710-715B-47B6-AD4D-036280EC269B}) (Version: 16.0.0.0 - Haufe-Lexware GmbH & Co. KG)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
SketchUp 2014 (HKLM-x32\...\{D71C0CA7-A245-4CB7-A958-7DB3377602AE}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM-x32\...\SmartToolsFalz & Lochmarken-Assistentv7.00) (Version: v7.00 - SmartTools Publishing)
SmartTools Publishing • Word Sonderzeichen-Assistent (HKLM-x32\...\SmartToolsSonderzeichen-Assistentv2.00) (Version: v2.00 - SmartTools Publishing)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Softi FreeOCR (HKLM-x32\...\{ABBACAD2-4DAF-490E-932B-E330B33FCF98}) (Version: 2.6.0 - Softi Software)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.5.6 - Sony Ericsson Mobile Communications AB)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.28.138 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TZ-EasyBuch Start  (HKLM-x32\...\TZ-EasyBuch Start) (Version:  - Thomas Zeh)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VCDS PCI 11.11 (HKLM-x32\...\VCDS PCI) (Version: PCI 11.11 - PCI Diagnosetechnik GmbH & Co. KG)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.108.29105 - Vodafone)
vtiger CRM Office Plug-in 5.0.4 (HKLM-x32\...\{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}) (Version:  - )
vtiger CRM Outlook plugin 2.1 (64-bit) (HKLM\...\vtiger CRM Outlook plugin 2.1 (64-bit)) (Version:  - Vtiger)
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wertpapieranalyse 2011 (HKLM-x32\...\{F625701A-E55C-47B4-8FC0-52B4FFE306BB}) (Version: 1.00.0003 - Haufe-Lexware GmbH & Co. KG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP 1.7.1 (HKLM-x32\...\xampp) (Version:  - )
XBRL Tool (HKLM-x32\...\{53A2399A-7ECE-4717-9CD0-1C57FD35BBCA}) (Version: 1.9.0 - ITA Systemhaus GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) (HKLM-x32\...\XMLmind XML Editor_is1) (Version: 4.6.0 - XMLmind)
XMLServiceToolV2 (HKLM-x32\...\{0F72FEF7-6E87-49C5-AB0E-FBAFD0E00EF2}) (Version: 2.0.0 - Bundesanzeiger)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-04-2015 13:47:51 Removed PDF Architect
13-04-2015 11:48:42 Windows-Sicherung
13-04-2015 16:55:42 Removed WD My Cloud
13-04-2015 18:12:30 Installed WD Discovery
13-04-2015 18:19:39 WD SmartWare Installer
16-04-2015 09:15:07 Windows Update
16-04-2015 09:45:53 Installed Sonos Controller.
16-04-2015 11:31:08 Windows Update
19-04-2015 10:21:53 Windows Update
19-04-2015 15:43:56 Windows Update
19-04-2015 19:13:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-19 13:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {06283FF5-567C-4E7B-902F-4E7A84945D32} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {08498D11-C830-45A6-80E4-B08EC8116490} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1900BDE0-6E60-458D-9BBD-788CDBC6BE8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1CDAC75A-A1BB-4D04-9630-64A18F451B58} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1D3A14F6-6594-4D40-A055-303C7DBB67DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {41DDAF3D-7352-4F37-8E87-8CB214F157FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {4872684A-CC41-4E96-90EE-23B6B7C308FE} - System32\Tasks\{F6F71C2E-4C20-44B7-9DDD-C0E18F922370} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {529BD07D-ACE0-4638-AA71-CA5A93B28ED8} - System32\Tasks\{4E98F3FB-7896-4058-BD13-823D6945B38F} => pcalua.exe -a "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE\SETUPW2K.EXE" -d "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE"
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {575A5CCE-D922-435E-8CE5-6B9A47BBA28B} - System32\Tasks\{7EE4D7BA-9010-475C-AD3D-4149B76B04A0} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {60AEE8DF-D87A-424E-8D37-F357C03B19B1} - System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC} => pcalua.exe -a C:\Users\kami\Downloads\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\kami\Desktop
Task: {64EE2590-8AD0-4CF8-9776-19F80B91032C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {768DF770-0874-4AAD-901E-3FEA36209A02} - System32\Tasks\{3FB10DA3-D217-4D1D-A771-73D471FA49B1} => pcalua.exe -a G:\BMW-Diagnose\LuPeDi-CD\VMware-player-4.0.1-528992.exe -d G:\BMW-Diagnose\LuPeDi-CD
Task: {76A33DD5-687B-4858-B2A4-EF9C08D5F959} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7B8CFA59-807A-4655-9875-EEDEC70E3777} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7F761247-E1AF-4456-9207-4A11B453F630} - System32\Tasks\{287FC240-3430-4628-A791-173374ACA4CF} => pcalua.exe -a "C:\VAIS GmbH\Equipment\Nikon Coolpix P500\F-P500-V11W.exe" -d "C:\VAIS GmbH\Equipment\Nikon Coolpix P500"
Task: {88A4FA0C-9E4A-4A24-977F-CE990BA1AA65} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CF46AA4-9CC9-4A74-A0F9-0F9E299AA524} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A57C7A01-277D-4D15-A4BA-CA7D721817C4} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B6886E16-78D2-4BA2-80D7-69A8EB0BF45A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B6C8C5F6-F6C7-45BA-9BFC-AF612B65BE58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {C4A17781-6F9D-4116-8E58-1B051E5EAF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {C720A7E1-77FD-4AEF-9B54-2E57F75F3D47} - System32\Tasks\{CBD9BC13-72E0-4024-900F-DB43F8C2D5BF} => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {E9651246-1E99-43D6-9CC2-835C1554CE73} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E9BD553D-0254-4BBF-9838-026B9A4DD3D6} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {ED2C4FF2-1097-4757-B28C-B590AB00AB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F1174B2C-0522-44F4-ACB9-C9A13ED06D3B} - System32\Tasks\HPCeeScheduleForkami => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {F769D86F-0104-4FE3-9AE9-F4C5A98E43B5} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe [2006-11-08] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForkami.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-08-23 00:29 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2013-08-23 00:29 - 2006-02-22 10:39 - 00020480 _____ () C:\windows\System32\FritzPort64.dll
2012-07-03 11:51 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2012-07-03 11:53 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kami\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2004 Zahlungserinnerung.lnk => C:\windows\pss\Quicken 2004 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== Accounts: =============================

Administrator (S-1-5-21-2479338598-3314396831-1710804073-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2479338598-3314396831-1710804073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2479338598-3314396831-1710804073-1004 - Limited - Enabled)
Hotel (S-1-5-21-2479338598-3314396831-1710804073-1007 - Limited - Enabled) => C:\Users\Hotel
kami (S-1-5-21-2479338598-3314396831-1710804073-1003 - Administrator - Enabled) => C:\Users\kami
RF (S-1-5-21-2479338598-3314396831-1710804073-1005 - Limited - Enabled) => C:\Users\RF
Sonos (S-1-5-21-2479338598-3314396831-1710804073-1016 - Limited - Enabled)
Vais (S-1-5-21-2479338598-3314396831-1710804073-1006 - Administrator - Enabled) => C:\Users\Vais

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 07:32:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (04/19/2015 07:08:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/19/2015 07:08:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 07:08:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 07:02:49 PM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/19/2015 11:20:54 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/19/2015 10:11:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (04/19/2015 11:35:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Power Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/19/2015 11:34:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Connection Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/19/2015 11:34:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Vodafone-Mobile-Broadband-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

M-K-D-B 20.04.2015 14:04
Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :regfind
    Spigot
    Cain
    yellow cabs
    Elex-tech
    Elex tech
    iSafe
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.

NoMW! 20.04.2015 18:19
Hallo Matthias,

ein großer Erfolg hat sich bereits eingestellt: die nervenden Werbefenster poppen nicht mehr hoch. :daumenhoc
Meine Stimmung ist wieder im positiven Bereich.

Der Neustart beim Schritt 1 ist beim Willkommen-Fenster hängen geblieben. Erzwungener nochmaliger Neustart war dann erfolgreich.

Schritt 1:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-04-2015 01
Ran by kami at 2015-04-20 18:42:15 Run:1
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{001933A8-3016-4963-8B69-09B00BD41833}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{001933A8-3016-4963-8B69-09B00BD41833}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47811B2F-2343-4CB2-9140-C3E42AD7C1FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47811B2F-2343-4CB2-9140-C3E42AD7C1FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{499D170C-5FEB-4231-8DEE-23C591D5D5D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{499D170C-5FEB-4231-8DEE-23C591D5D5D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73646A09-01DF-4BEC-8410-7A6AE7C76317}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73646A09-01DF-4BEC-8410-7A6AE7C76317}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2FBB3EE-F010-4B3C-A201-A91F236DA2EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2FBB3EE-F010-4B3C-A201-A91F236DA2EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCC46F08-5CD5-42CC-9378-327BA4284D62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCC46F08-5CD5-42CC-9378-327BA4284D62}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5061C3C4-0A3A-474E-918E-D32C552B168C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0A3A30D-AB38-4825-B792-0C4C23D2141D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A3A30D-AB38-4825-B792-0C4C23D2141D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7218D38-69E6-4613-A538-20DD7105C023}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7218D38-69E6-4613-A538-20DD7105C023}" => Key deleted successfully.
C:\Windows\System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{046986FD-9DB1-4173-A375-483BF9D48683}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A3A30D-AB38-4825-B792-0C4C23D2141D} => Key not found.
C:\Windows\System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => Key not found.

========= RemoveProxy: =========

"HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 550.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:45:00 ====
Schritt 2:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:05 on 20/04/2015 by kami
Administrator - Elevation successful

========== regfind ==========

Searching for "Spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06946EE3856F0BA47BA1B7663EB31F8A]
"2AF9375644402BA45B8978426035E9DB"="C:\Program Files (x86)\Common Files\Spigot\wtxpcom\chrome\content\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\11668D9C06DD0A64689920C3E9AA8BF6]
"2AF9375644402BA45B8978426035E9DB"="C?\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BB8B2DE8E6BEBB47BBC322B82D20DF9]
"2AF9375644402BA45B8978426035E9DB"="C:\Program Files (x86)\Common Files\Spigot\wtxpcom\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9]
"2AF9375644402BA45B8978426035E9DB"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AF9375644402BA45B8978426035E9DB\InstallProperties]
"Publisher"="Spigot, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65739FA2-0444-4AB2-B598-872406539EBD}]
"Publisher"="Spigot, Inc."

Searching for "Cain"
[HKEY_CURRENT_USER\Software\Cain]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
"f"="Cain.exe"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_none_bf993fad7a9f1adb\f256!wicainventory.exe]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Cain]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
"f"="Cain.exe"

Searching for "yellow cabs"
No data found.

Searching for "Elex-tech"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan]
"Icon"="C:\Program Files (x86)\Elex-tech\YAC\iStart.exe,-109"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan\command]
@=""C:\Program Files (x86)\Elex-tech\YAC\iStart.exe" -iSafeRightKeyShell -isafeRKShell_opt=isafeRKShell_opt_deepclean -isafeRKShell_executorPath="C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"

Searching for "Elex tech"
No data found.

Searching for "iSafe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan\command]
@=""C:\Program Files (x86)\Elex-tech\YAC\iStart.exe" -iSafeRightKeyShell -isafeRKShell_opt=isafeRKShell_opt_deepclean -isafeRKShell_executorPath="C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
@="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
@="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
@="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
@="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
@="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
@="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
@="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
@="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
@="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
@="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
@="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
@="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
@="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
@="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
@="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7919641-3978-4668-8388-7310329C800E}]
@="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
@="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
@="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
@="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
@="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
@="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
@="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
@="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
@="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
@="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
@="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
@="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
@="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
@="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
@="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
@="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
@="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F7919641-3978-4668-8388-7310329C800E}]
@="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
@="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
@="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
@="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
@="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
@="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
@="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
@="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
@="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
@="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
@="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
@="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
@="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
@="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
@="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
@="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
@="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F7919641-3978-4668-8388-7310329C800E}]
@="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
@="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]

Searching for "        "
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1323]
"Name"="&Linien          => Polylinie"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1389]
"Name"="        &Koordinatensystem drehen"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1392]
"Name"="        &Objekt-Fang (digitalisieren)"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1394]
"Name"="        &Automatische Schraffur"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1649]
"Name"="50        1/200"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1650]
"Name"="25        1/100"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1652]
"Name"="10        1/20"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1653]
"Name"="5          1/10"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1655]
"Name"="1          1/2"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1938]
"Name"="  Objekt          => BKS"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1939]
"Name"="  Ansicht        => BKS"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2279]
"Name"="  &Polare            @ d < w"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2399]
"Name"="        &Koordinatensystem drehen"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2402]
"Name"="        &Objekt-Fang (digitalisieren)"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2404]
"Name"="        &Automatische Schraffur"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2544]
"Name"="&Abbruch          ^C"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-79]
"Name"="  &Polare            @ d < w"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Softonic\Softonic\iestrg]
"irh_settings"="{"ID":50,"PROGRAM_NAME":"Softonic new widget","Domain":"softonic                                          ","MERCHANTS_MARKETPLACE":2,"SHOW_STRIPS":1,"ALERT_MESSAGES":1,"WELCOME_PAGE":1,"UI_JS_URL":"hxxp://cdn.donation-tools.org/Strip/1_irobinhoodscript_V21.js","LANDING_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","SHORT_MENU":1,"HOMEPAGE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicIndex.aspx","CAUSE_STATS_URL":null,"MY_STATS_URL":null,"HOW_IT_WORKS_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicHowItWorks.aspx","INVITE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicInvite.aspx","CHARITY_URL":"hxxp://softonic.donation-tools.org/landing/CharityList.aspx","SHOP_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","COMM_FACTOR":0.5,"AMAZON_US":"irh-p007-20","A
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6[1].exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Downloads\Sony PC Companion_Web.exe"="                                                            "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6.exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged"="<?xml version="1.0"?>
<WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl">
  <Output>
    <Data>
      <Capabilities>
      <NumberOfPowerSources>3</NumberOfPowerSources>
        <GlobalFeatures>
          <WWANAntenna>true</WWANAntenna>
          <GPSIncluded>true</GPSIncluded>
        </GlobalFeatures>
      </Capabilities>
      <Devices>
        <Device>
          <TechnologyType>WWAN</TechnologyType>
          <BusType>USB</BusType>
          <VendorID>03F0</VendorID>
          <DeviceID>251D</DeviceID>
          <SubVendorID>0000</SubVendorID>
          <SubSystemID>0000</SubSystemID>
          <PowerSource>2</PowerSource>
          <CurrentState>off</CurrentState>
          <LastRequestedState>
            <WMI Changed="false">on</WMI>
            <F10 Changed="false">on</F10>
            <HardwareButton Changed="false">off</Hardw
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged"="<?xml version="1.0"?>
<WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl">
  <Output>
    <Data>
      <Capabilities>
      <NumberOfPowerSources>3</NumberOfPowerSources>
        <GlobalFeatures>
          <WWANAntenna>true</WWANAntenna>
          <GPSIncluded>true</GPSIncluded>
        </GlobalFeatures>
      </Capabilities>
      <Devices>
        <Device>
          <TechnologyType>WWAN</TechnologyType>
          <BusType>USB</BusType>
          <VendorID>03F0</VendorID>
          <DeviceID>251D</DeviceID>
          <SubVendorID>0000</SubVendorID>
          <SubSystemID>0000</SubSystemID>
          <PowerSource>2</PowerSource>
          <CurrentState>off</CurrentState>
          <LastRequestedState>
            <WMI Changed="false">on</WMI>
            <F10 Changed="false">on</F10>
            <HardwareButton Changed="false
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#355850045276614&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_PMAP#FC0051A33343B893&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#355850045276614&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_PMAP#FC0051A33343B893&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#355850045276614&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_PMAP#FC0051A33343B893&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1323]
"Name"="&Linien          => Polylinie"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1389]
"Name"="        &Koordinatensystem drehen"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1392]
"Name"="        &Objekt-Fang (digitalisieren)"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1394]
"Name"="        &Automatische Schraffur"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1649]
"Name"="50        1/200"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1650]
"Name"="25        1/100"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1652]
"Name"="10        1/20"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1653]
"Name"="5          1/10"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1655]
"Name"="1          1/2"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1938]
"Name"="  Objekt          => BKS"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1939]
"Name"="  Ansicht        => BKS"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2279]
"Name"="  &Polare            @ d < w"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2399]
"Name"="        &Koordinatensystem drehen"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2402]
"Name"="        &Objekt-Fang (digitalisieren)"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2404]
"Name"="        &Automatische Schraffur"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2544]
"Name"="&Abbruch          ^C"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-79]
"Name"="  &Polare            @ d < w"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Softonic\Softonic\iestrg]
"irh_settings"="{"ID":50,"PROGRAM_NAME":"Softonic new widget","Domain":"softonic                                          ","MERCHANTS_MARKETPLACE":2,"SHOW_STRIPS":1,"ALERT_MESSAGES":1,"WELCOME_PAGE":1,"UI_JS_URL":"hxxp://cdn.donation-tools.org/Strip/1_irobinhoodscript_V21.js","LANDING_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","SHORT_MENU":1,"HOMEPAGE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicIndex.aspx","CAUSE_STATS_URL":null,"MY_STATS_URL":null,"HOW_IT_WORKS_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicHowItWorks.aspx","INVITE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicInvite.aspx","CHARITY_URL":"hxxp://softonic.donation-tools.org/landing/CharityList.aspx","SHOP_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","COMM_
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6[1].exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Downloads\Sony PC Companion_Web.exe"="                                                            "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6.exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6[1].exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Downloads\Sony PC Companion_Web.exe"="                                                            "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6.exe"="IZArc2Go 4.1.6 Setup                                        "

-= EOF =-

NoMW! 20.04.2015 18:32
Schritt 3 FRST.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by kami (administrator) on BETA on 20-04-2015 19:21:03
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(C-Dilla Ltd) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\xampp\mysql\bin\mysqld.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
() C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe
() C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Smith Micro Software, Inc) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Users\kami\Desktop\SystemLook_x64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [1&1_1&1 Office-Drive Manager] => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE [993392 2012-09-24] (1&1 Internet AG)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-0017-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK [2011-02-03]
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer.lnk [2011-03-29]
ShortcutTarget: Image Transfer.lnk -> C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk [2012-07-11]
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL [2012-09-24] (1&1 Internet AG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL [2012-09-24] (1&1 Internet AG)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler: haufereader - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2010-11-01] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-10-22] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2011-04-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-11]
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-27]
CHR Extension: (Google Wallet) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 C-DillaCdaC11BA; C:\windows\SysWOW64\drivers\CDAC11BA.EXE [39936 2010-12-14] (C-Dilla Ltd) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2012-01-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\PROGRAM FILES\MCAFEE\MSC\MCAPEXE.EXE [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [376808 2007-06-29] (XIMETA, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]
R2 vtigercrmApache530; C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [20541 2009-05-08] (Apache Software Foundation) [File not signed]
R2 vtigercrmMysql530; C:\Program Files (x86)\vtigercrm-5.3.0\mysql\my.ini [2994 2012-02-14] () [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XAMPP; c:\xampp\service.exe [60928 2007-12-21] () [File not signed]
S2 HPSLPSVC; C:\Users\kami\AppData\Local\Temp\7zS03A3\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-01] (Google Inc)
S3 BioNTDrv; C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-04-09] (Bytemobile, Inc.) [File not signed]
S2 CdaC15BA; C:\windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-01-05] () [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [419840 2010-12-31] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [339944 2007-06-29] (XIMETA, Inc.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 lpx; C:\Windows\System32\DRIVERS\lpx.sys [97256 2007-06-29] (XIMETA, Inc.)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R3 ndasbus; C:\Windows\System32\DRIVERS\ndasbus.sys [108520 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\windows\system32\DRIVERS\ndasfat.sys [537064 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\DRIVERS\ndasscsi.sys [235496 2007-06-29] (XIMETA, Inc.)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
S3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-01-19] ()
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2011-04-09] (Bytemobile, Inc.) [File not signed]
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:05 - 2015-04-20 19:12 - 00103906 _____ () C:\Users\kami\Desktop\SystemLook.txt
2015-04-20 19:05 - 2015-04-20 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-20 18:40 - 2015-04-20 18:40 - 00165376 _____ () C:\Users\kami\Desktop\SystemLook_x64.exe
2015-04-20 00:22 - 2015-04-20 00:23 - 00151030 _____ () C:\Users\kami\Desktop\Neues Textdokument.txt
2015-04-19 23:54 - 2015-04-19 23:54 - 00001866 _____ () C:\Users\kami\Desktop\JRT_1.txt
2015-04-19 23:37 - 2015-04-19 23:37 - 00001866 _____ () C:\Users\kami\Desktop\JRT.txt
2015-04-19 23:34 - 2015-04-19 23:34 - 00000207 _____ () C:\windows\tweaking.com-regbackup-BETA-Windows-7-Professional-(64-bit).dat
2015-04-19 23:34 - 2015-04-19 23:34 - 00000000 ____D () C:\RegBackup
2015-04-19 23:32 - 2015-04-19 23:32 - 00001206 _____ () C:\Users\kami\Desktop\mbam.txt
2015-04-19 22:40 - 2015-04-19 22:40 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 22:40 - 2015-04-19 22:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-19 22:40 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-19 22:37 - 2015-04-19 22:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\kami\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-19 22:32 - 2015-04-19 22:32 - 00002421 _____ () C:\Users\kami\Desktop\AdwCleaner[S4].txt
2015-04-19 21:55 - 2015-04-19 21:55 - 02686254 _____ (Thisisu) C:\Users\kami\Desktop\JRT.exe
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\Users\kami\AppData\Roaming\1&1
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\ProgramData\1&1
2015-04-19 13:35 - 2015-04-19 13:35 - 00052136 _____ () C:\ComboFix.txt
2015-04-19 13:12 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 13:12 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 13:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 13:08 - 2015-04-19 13:36 - 00000000 ____D () C:\Qoobox
2015-04-19 13:07 - 2015-04-19 13:32 - 00000000 ____D () C:\windows\erdnt
2015-04-19 10:45 - 2015-04-19 10:45 - 02217984 _____ () C:\Users\kami\Desktop\AdwCleaner_4.201.exe
2015-04-18 18:51 - 2015-04-18 18:51 - 00000000 ____D () C:\Users\kami\Documents\ProcAlyzer Dumps
2015-04-18 18:41 - 2015-04-18 18:41 - 00059728 _____ () C:\Users\kami\Desktop\Gmer.txt
2015-04-18 18:05 - 2015-04-18 18:05 - 00092155 _____ () C:\Users\kami\Desktop\FRST_a.txt
2015-04-18 18:00 - 2015-04-20 19:20 - 00000000 ____D () C:\Users\kami\Desktop\FRST-OlderVersion
2015-04-18 17:23 - 2015-04-18 17:23 - 00380416 _____ () C:\Users\kami\Desktop\Gmer-19357.exe
2015-04-18 17:11 - 2015-04-19 23:57 - 00058080 _____ () C:\Users\kami\Desktop\Addition_1.txt
2015-04-18 17:09 - 2015-04-20 19:23 - 00034109 _____ () C:\Users\kami\Desktop\FRST.txt
2015-04-18 17:09 - 2015-04-20 19:21 - 00000000 ____D () C:\FRST
2015-04-18 17:07 - 2015-04-18 17:08 - 00000470 _____ () C:\Users\kami\Desktop\defogger_disable.log
2015-04-18 17:07 - 2015-04-18 17:07 - 00000000 _____ () C:\Users\kami\defogger_reenable
2015-04-18 17:05 - 2015-04-18 17:05 - 00050477 _____ () C:\Users\kami\Downloads\Defogger.exe
2015-04-18 12:24 - 2015-04-18 11:52 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-122415.backup
2015-04-17 18:03 - 2015-04-17 18:03 - 00050477 _____ () C:\Users\kami\Desktop\Defogger.exe
2015-04-17 13:03 - 2015-04-20 19:20 - 02099712 _____ (Farbar) C:\Users\kami\Desktop\FRST64.exe
2015-04-17 11:08 - 2015-04-18 11:49 - 00001983 _____ () C:\Users\kami\Desktop\Malware@firefox.txt
2015-04-16 12:20 - 2015-04-20 18:59 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-04-16 09:47 - 2015-04-16 09:47 - 00001947 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-16 09:34 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-16 09:34 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-16 09:34 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-16 09:34 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-16 09:34 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-16 09:33 - 2015-03-10 07:29 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-16 09:33 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 02656256 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 07:26 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-16 09:33 - 2015-03-10 05:32 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-16 09:33 - 2015-03-10 04:42 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-16 09:33 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-16 09:33 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-16 09:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-16 09:32 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-16 09:32 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-16 09:32 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-16 09:32 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-16 09:32 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-16 09:32 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-16 09:32 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-16 09:32 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:31 - 2015-04-18 10:46 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-16 09:30 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-16 09:30 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-16 09:29 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-16 09:01 - 2015-04-16 09:02 - 00995568 _____ () C:\windows\Minidump\041615-50325-01.dmp
2015-04-16 09:00 - 2015-04-16 09:00 - 876794833 _____ () C:\windows\MEMORY.DMP
2015-04-14 12:15 - 2015-04-14 12:15 - 00001153 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-04-14 12:15 - 2015-04-14 12:15 - 00000000 ____D () C:\Users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 12:14 - 2015-04-14 12:14 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe (WCC4E2EJRERE).url
2015-04-14 12:14 - 2015-04-14 12:14 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard (WCC4E2EJRERE).url
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\Users\kami\AppData\Roaming\WDC
2015-04-14 12:02 - 2015-04-16 09:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-14 11:58 - 2015-04-14 12:00 - 00560552 _____ (Oracle Corporation) C:\Users\kami\Downloads\JavaSetup8u40.exe
2015-04-13 22:52 - 2015-04-13 22:52 - 00000000 ____D () C:\ProgramData\launcher
2015-04-13 22:21 - 2015-04-13 22:21 - 00000000 ____D () C:\ProgramData\rmbwizard
2015-04-13 19:37 - 2015-04-13 19:38 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup.exe
2015-04-13 19:08 - 2015-04-13 19:08 - 00000473 _____ () C:\Users\kami\Downloads\WDMyCloud-20150413-1908.conf
2015-04-13 18:29 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 18:21 - 2015-04-13 18:24 - 247429605 _____ () C:\Users\kami\Downloads\MyNetViewFull_1_0_12_0.zip
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-13 18:13 - 2015-04-13 18:13 - 00001186 _____ () C:\Users\Public\Desktop\WD Discovery.lnk
2015-04-13 16:53 - 2015-04-13 17:00 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup (1).exe
2015-04-13 16:12 - 2015-04-13 16:12 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-13 12:24 - 2015-04-13 16:12 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-04-13 11:59 - 2015-04-13 11:59 - 00001274 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00001262 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-04-13 11:58 - 2015-04-13 11:58 - 04737952 _____ () C:\Users\kami\Downloads\ausetup5.3.1.20.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-04-13 11:46 - 2015-04-13 11:46 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2 (1).exe
2015-04-12 11:34 - 2015-04-12 11:34 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2.exe
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-04-11 20:02 - 2015-04-14 12:14 - 00000204 _____ () C:\Users\kami\Desktop\Lerncenter WD My Cloud.url
2015-04-11 20:02 - 2015-04-13 18:20 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-11 20:02 - 2015-04-11 20:02 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-04-11 20:02 - 2015-04-11 20:02 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard.url
2015-04-11 19:33 - 2015-04-13 18:29 - 00000000 ____D () C:\Users\kami\AppData\Local\Western Digital
2015-04-10 11:35 - 2015-04-10 11:35 - 00000000 ____D () C:\Users\kami\Neuer Ordner
2015-04-10 02:00 - 2015-04-10 02:00 - 00002331 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00002163 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-04-10 01:59 - 2015-04-10 01:59 - 00000000 ____D () C:\Program Files\Paragon Software
2015-04-10 01:54 - 2015-04-10 01:54 - 00000000 ____D () C:\ProgramData\explauncher
2015-04-10 01:32 - 2015-04-10 01:52 - 417659040 _____ () C:\Users\kami\Downloads\br2014Free101.exe
2015-04-09 21:03 - 2015-04-09 21:03 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-09 11:46 - 2015-04-09 11:46 - 00022328 _____ () C:\Users\kami\Downloads\hijackthis.log
2015-04-09 10:51 - 2015-04-09 11:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\kami\Downloads\HijackThis.exe
2015-04-09 02:29 - 2015-04-09 02:29 - 00003432 _____ () C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-09 02:29 - 2015-04-09 02:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 01:55 - 2015-04-20 19:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 01:55 - 2015-04-16 09:17 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-09 01:55 - 2015-04-16 09:17 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-09 01:55 - 2015-04-16 09:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 01:22 - 2015-04-19 10:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-09 01:13 - 2015-04-09 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 01:08 - 2015-04-09 01:44 - 00000000 ____D () C:\Users\kami\Entmister-SW
2015-04-08 23:55 - 2015-04-08 23:55 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kami\Downloads\mbar-1.09.1.1004.exe
2015-04-08 22:25 - 2015-04-08 22:25 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2015-04-08 22:25 - 2015-04-08 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-04-08 19:34 - 2015-04-13 18:20 - 00160620 _____ () C:\windows\DPINST.LOG
2015-04-08 19:32 - 2015-04-08 19:32 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-08 19:32 - 2015-04-08 19:32 - 00000000 ____D () C:\ProgramData\Sony
2015-04-08 19:31 - 2015-04-08 19:31 - 28579392 _____ (Sony Mobile Communications ) C:\Users\kami\Downloads\Sony PC Companion_Web.exe
2015-04-08 15:16 - 2015-04-08 15:21 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Mozilla
2015-04-08 15:16 - 2015-04-08 15:16 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 12:50 - 2015-04-08 12:50 - 00243656 _____ () C:\Users\kami\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-08 11:29 - 2015-04-08 11:29 - 00116528 _____ () C:\Users\kami\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 11:15 - 2015-04-20 18:58 - 00003417 _____ () C:\windows\setupact.log
2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 _____ () C:\windows\setuperr.log
2015-04-08 11:14 - 2015-04-20 09:33 - 00016172 _____ () C:\windows\PFRO.log
2015-04-08 11:14 - 2015-04-08 11:15 - 00439280 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-08 09:38 - 2015-04-08 09:38 - 00000000 ____D () C:\Users\kami\VirtualBox VMs
2015-04-08 09:30 - 2015-04-08 09:30 - 00003144 _____ () C:\windows\System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC}
2015-04-08 09:27 - 2015-04-13 16:03 - 00000000 ____D () C:\Users\kami\.VirtualBox
2015-04-08 09:25 - 2015-04-08 09:29 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-08 09:25 - 2015-04-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-08 09:25 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files\Oracle
2015-04-08 09:24 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-04-08 02:22 - 2015-04-08 02:22 - 00000000 ____D () C:\Users\kami\AppData\Local\BVRP Software
2015-04-07 21:40 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150407-214026.backup
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-04-07 21:15 - 2015-04-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-07 21:15 - 2015-04-19 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-07 21:09 - 2015-04-07 21:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 21:09 - 2015-04-07 21:09 - 00002780 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-04-07 21:09 - 2015-04-07 21:09 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-07 21:09 - 2015-04-07 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-07 20:40 - 2015-04-07 20:40 - 00005684 _____ () C:\windows\system32\.crusader
2015-04-07 20:20 - 2015-04-07 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 13:21 - 2015-04-07 11:36 - 00000000 ____D () C:\windows\system32\log
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-03 19:13 - 2015-04-03 19:13 - 00001373 _____ () C:\Users\kami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-04-03 03:31 - 2015-04-03 03:31 - 00000000 ____D () C:\Users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 03:31 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-04-03 03:31 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-04-03 01:38 - 2015-04-03 01:38 - 00001381 _____ () C:\Users\kami\Desktop\Internet Explorer (64-bit).lnk
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 01:49 - 2015-04-02 17:18 - 00005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-03-24 12:10 - 2015-04-19 23:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:08 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 19:08 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 19:05 - 2014-06-11 00:04 - 00001804 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-20 19:04 - 2010-11-13 17:40 - 01830054 _____ () C:\windows\WindowsUpdate.log
2015-04-20 18:59 - 2011-05-11 22:54 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 18:58 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-20 18:40 - 2014-11-14 09:48 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
2015-04-20 18:38 - 2010-12-07 04:02 - 00000000 ____D () C:\Users\kami\Postfach
2015-04-20 18:33 - 2011-05-11 22:54 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 22:37 - 2010-09-12 22:06 - 05535670 _____ () C:\windows\system32\perfh007.dat
2015-04-19 22:37 - 2010-09-12 22:06 - 01713162 _____ () C:\windows\system32\perfc007.dat
2015-04-19 22:37 - 2009-07-14 07:13 - 00006792 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-19 22:27 - 2013-12-30 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-19 13:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-19 13:30 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2015-04-18 18:19 - 2012-03-20 17:11 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Notepad++
2015-04-18 17:07 - 2010-12-02 21:21 - 00000000 ____D () C:\Users\kami
2015-04-18 15:12 - 2010-12-26 11:56 - 00000000 ____D () C:\ProgramData\Lexware
2015-04-18 12:40 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Opera Software
2015-04-18 12:15 - 2014-06-05 15:36 - 00000000 ____D () C:\temp
2015-04-18 11:26 - 2013-02-17 14:56 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForkami
2015-04-18 11:26 - 2013-02-17 14:56 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForkami.job
2015-04-18 01:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-17 22:41 - 2010-12-03 03:23 - 00007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2015-04-17 22:38 - 2011-11-11 23:52 - 00000000 ____D () C:\ProgramData\Avanquest Bluetooth SDK
2015-04-17 18:16 - 2011-05-02 15:09 - 00000000 ____D () C:\Users\kami\Documents\Aktuell
2015-04-17 00:01 - 2011-03-22 23:08 - 00001644 _____ () C:\Users\kami\Desktop\FUS.txt
2015-04-16 23:51 - 2010-12-03 06:13 - 00000000 ____D () C:\windows\rescache
2015-04-16 12:37 - 2010-12-15 14:08 - 00000000 ____D () C:\Users\kami\Documents\Finanzen
2015-04-16 12:20 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2015-04-16 12:14 - 2014-12-11 10:22 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 12:14 - 2014-07-09 13:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 11:40 - 2010-12-06 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 09:44 - 2013-08-15 11:37 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 09:34 - 2010-12-05 18:07 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 09:28 - 2013-10-22 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 09:27 - 2010-12-12 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 09:01 - 2012-10-10 23:49 - 00000000 ____D () C:\windows\Minidump
2015-04-14 12:01 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-13 18:19 - 2013-03-26 12:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 17:36 - 2011-12-28 02:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\HpUpdate
2015-04-13 16:40 - 2010-09-12 22:37 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-13 16:32 - 2012-12-07 17:41 - 00002771 _____ () C:\Users\Public\Desktop\Lexware buchhalter.lnk
2015-04-13 16:32 - 2010-12-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-13 14:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-12 11:55 - 2011-06-21 00:16 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-04-12 11:37 - 2012-06-29 08:57 - 00000000 ____D () C:\Users\Hotel
2015-04-12 11:37 - 2012-01-11 18:12 - 00000000 ____D () C:\Users\Vais
2015-04-12 11:37 - 2011-11-20 12:17 - 00000000 ____D () C:\Users\Administrator
2015-04-12 11:37 - 2010-12-13 15:25 - 00000000 ____D () C:\Users\RF
2015-04-10 12:05 - 2011-10-13 10:12 - 00000000 ____D () C:\Users\kami\Documents\Bluetooth Exchange Folder
2015-04-10 03:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2015-04-10 01:56 - 2010-12-02 21:23 - 00000000 ____D () C:\Users\kami\AppData\Local\Downloaded Installations
2015-04-09 21:50 - 2014-12-11 17:04 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-09 01:55 - 2014-08-19 13:20 - 00000000 ____D () C:\Users\kami\AppData\Local\Adobe
2015-04-08 23:27 - 2012-06-29 09:03 - 00000000 ____D () C:\Users\Hotel\AppData\Local\Mozilla
2015-04-08 23:25 - 2012-06-29 08:58 - 00000000 ___RD () C:\Users\Hotel\Virtual Machines
2015-04-08 23:24 - 2015-03-05 18:42 - 00001536 __RSH () C:\Users\Hotel\ntuser.pol
2015-04-08 23:02 - 2011-12-15 21:08 - 00113152 ___SH () C:\Users\kami\Documents\Thumbs.db
2015-04-08 19:34 - 2011-05-25 15:15 - 00000000 ____D () C:\Users\kami\AppData\Local\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-08 19:32 - 2010-09-12 22:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 13:08 - 2013-05-29 20:35 - 00006256 _____ () C:\Users\kami\_viminfo
2015-04-08 09:29 - 2012-01-11 18:14 - 00116528 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2015-04-08 03:53 - 2013-07-08 13:46 - 00000000 ____D () C:\Users\kami\AppData\Roaming\DVDVideoSoft
2015-04-08 03:51 - 2013-08-27 23:00 - 00000000 ____D () C:\Program Files (x86)\IGC
2015-04-08 03:21 - 2014-07-07 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-04-08 03:21 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-08 03:21 - 2013-05-27 13:36 - 00000000 ____D () C:\Users\kami\Desktop\4Trading
2015-04-08 03:21 - 2013-05-27 13:33 - 00000000 ____D () C:\Users\kami\Desktop\4CAD
2015-04-08 03:21 - 2013-05-27 13:30 - 00000000 ____D () C:\Users\kami\Desktop\4Navi
2015-04-08 03:21 - 2011-11-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
2015-04-08 03:21 - 2010-12-03 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-04-08 02:31 - 2013-03-26 17:30 - 00000000 ____D () C:\Users\kami\Documents\Garmin
2015-04-08 02:31 - 2012-06-02 12:42 - 00000000 ____D () C:\Users\kami\AppData\Local\Garmin
2015-04-08 02:31 - 2010-12-09 02:14 - 00000000 ____D () C:\Users\kami\AppData\Roaming\GARMIN
2015-04-08 02:31 - 2010-12-09 01:44 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-08 02:31 - 2010-12-08 23:11 - 00000000 ____D () C:\ProgramData\GARMIN
2015-04-08 02:31 - 2010-12-08 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-08 02:28 - 2013-02-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics
2015-04-08 02:28 - 2011-01-29 11:56 - 00000000 ____D () C:\Program Files (x86)\EasternGraphics
2015-04-08 01:09 - 2010-12-10 01:41 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Dropbox
2015-04-08 00:40 - 2010-12-10 01:43 - 00000000 ___RD () C:\Users\kami\Documents\My Dropbox
2015-04-08 00:13 - 2012-08-29 01:12 - 00000000 ____D () C:\Users\kami\Desktop\Alte Firefox-Daten
2015-04-07 21:40 - 2009-07-14 04:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-115254.backup
2015-04-07 21:12 - 2011-11-02 21:22 - 00000000 ____D () C:\Users\kami\AppData\Roaming\FileZilla
2015-04-07 21:12 - 2011-08-27 21:49 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Skype
2015-04-07 11:40 - 2014-11-09 19:16 - 00000000 ____D () C:\Program Files (x86)\MINEA
2015-04-07 11:18 - 2015-02-15 16:36 - 00000000 ___HD () C:\ProgramData\{5EE865C2-E8FF-4231-A2B8-0188FEFBCE3D}
2015-04-06 12:58 - 2014-12-11 17:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-06 12:06 - 2011-12-14 20:11 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-03 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-03 02:15 - 2013-12-14 12:10 - 00000000 ____D () C:\windows\PAC7311
2015-04-03 02:12 - 2011-11-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-04-02 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2015-04-02 22:24 - 2014-12-22 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psynetic
2015-03-23 15:12 - 2011-11-01 11:58 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2010-12-29 13:54 - 2011-06-15 19:55 - 0001854 _____ () C:\Users\kami\AppData\Roaming\GhostObjGAFix.xml
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2014-07-07 22:50 - 2014-07-07 22:50 - 0038444 _____ () C:\Users\kami\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2014-07-07 22:46 - 2014-07-07 22:46 - 0038441 _____ () C:\Users\kami\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-04-02 01:49 - 2015-04-02 17:18 - 0005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-08 22:13 - 2013-05-08 22:13 - 0004096 ____H () C:\Users\kami\AppData\Local\keyfile3.drm
2010-12-08 03:36 - 2010-12-08 03:50 - 0448206 _____ () C:\Users\kami\AppData\Local\MODup-Log.txt
2010-12-03 03:23 - 2015-04-17 22:41 - 0007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2012-12-20 00:05 - 2012-12-20 00:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-31 12:48 - 2010-12-31 12:48 - 0208552 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-04 12:11 - 2012-11-27 20:04 - 0017022 _____ () C:\ProgramData\hpzinstall.log
2013-01-18 03:59 - 2013-01-18 03:59 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-02-20 23:07 - 2013-02-20 23:07 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\Users\kami\REG4DigiFoto_Hilfedatei.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

NoMW! 20.04.2015 18:33
Schritt 3 Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by kami at 2015-04-20 19:24:05
Running from C:\Users\kami\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Sprint (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.33417 - ABBYY Software House)
ABBYY FineReader 6.0 (HKLM-x32\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29421 - ABBYY Software House)
Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
ArcSoft PhotoImpression (HKLM-x32\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version:  - )
Avery Wizard 3.1 (HKLM-x32\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
C4340 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CFX Trader (HKLM-x32\...\{AC5E101F-8D42-406B-BFC0-7B906879F705}) (Version: 2.52.12.0 - CFX Broker)
CoP Outlook Plugin (HKLM-x32\...\{CBB9BD2B-C3FA-413F-9913-924EFFCE9CCC}) (Version: 4.11.1 - SMC Software Management Consulting)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP Server (HKLM-x32\...\CoreFTPServer) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.2 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.2 - Sigma Elektro GmbH) Hidden
DDBAC (HKLM-x32\...\{78F6AFE2-A4F3-4AE1-A710-9FD5758C2EB0}) (Version: 5.3.26 - DataDesign)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.9 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doodle Outlook Connector (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\33030675DC63B8C8D12A223C2017505053D50B01) (Version: 1.2.0.0 - Doodle AG)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version:  - )
EPSON Photo Print (HKLM-x32\...\{D379964B-685C-44D5-AE46-C953A9FEEA14}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.4 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Folder Marker v 1.4 (HKLM-x32\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.30 Update (HKLM-x32\...\{BD9FCA8B-7692-42BD-9AF3-88346B436CB0}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT v9 (HKLM-x32\...\{29EA075F-2C61-472F-B01D-80E8D8F023F1}) (Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Geberit ProPlanner 2013 R2 (HKLM-x32\...\{D06C9C18-D361-486A-9E6D-DBAFF1266028}) (Version: 3.3.000 - Geberit Verwaltungs AG)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Formular-Manager (HKLM-x32\...\{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}) (Version: 11.01.03.0001 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{F3A444B0-3BF9-11E1-A2DD-005056B12123}) (Version: 12.01.11.8176 - Haufe)
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart C4340 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{20B8FE13-36FB-47A8-B43C-4BD23B36ADB2}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{5CEE98FB-1963-4662-A780-410DA4533D53}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F48E3}) (Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.1 - Sonix)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Image Transfer (HKLM-x32\...\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}) (Version:  - )
ImageMixer for Sony (HKLM-x32\...\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{1C227C2E-2295-4820-87B1-4B13E98E6C66}) (Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{607D1882-6E4E-4861-BAA3-16B12FA21C73}) (Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
Lexware online banking V 2.39 (HKLM-x32\...\{66017349-81C8-48C3-B0E2-704DB146D70F}) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LTplus architektur (HKLM-x32\...\{8E93D569-667D-4845-A677-B9FC54AFE9F2}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus architektur (HKLM-x32\...\{FAA933B5-F74F-4841-AA49-9735D6DD4256}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus EnEV 2010 (HKLM-x32\...\{BF024BF3-9FE5-4417-AA04-16A5FF937931}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus SketchUP Plugin 7.1 (HKLM-x32\...\LTplus SketchUP Plugin 7.1) (Version: 7.1 - ArchitektenInitiative e.V.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Markets-pro Trading Plattform (HKLM-x32\...\Markets-pro Trading Plattform) (Version: 1.0.0.0 - Information Internet)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}) (Version: 4.0.1679 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
MySQL Workbench 5.2 CE (HKLM-x32\...\{455D9FD3-2AB6-44E0-BF49-B9E13911401A}) (Version: 5.2.38 - Oracle Corporation)
NDAS-Software 3.20.1523 (64-bit Windows) (HKLM\...\{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}) (Version: 3.20.1523 - XIMETA, Inc.)
Netzwerkaufzeichnungs-Player (HKLM-x32\...\{77A9065F-823B-4CDD-B28B-F340B69B62E3}) (Version: 28.4.0.14953 - Cisco WebEx LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
P1670 Referenzhandbuch (HKLM-x32\...\P1670 Referenzhandbuch) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfforge Toolbar v6.6 (HKLM-x32\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
PS_AIO_03_C4340_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}) (Version: 1.1.240 - QUALCOMM)
Quicken 2011 - ServicePack 4 (HKLM-x32\...\{9DC1A9BA-070A-455F-8AC3-62587524ADFB}) (Version: 18.04.00.0123 - Haufe-Lexware GmbH & Co KG)
Quicken DELUXE 2004 (HKLM-x32\...\InstallShield_{00F115CE-9BDD-4729-9122-2476CD02856B}) (Version: 11.00.0000 - Lexware)
Quicken DELUXE 2004 (x32 Version: 11.00.0000 - Lexware) Hidden
Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server Jubiläumsversion (HKLM-x32\...\{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}) (Version: 20.30.00.0099 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Richtig_Kontieren_von_A_Z (HKLM-x32\...\{83F8B710-715B-47B6-AD4D-036280EC269B}) (Version: 16.0.0.0 - Haufe-Lexware GmbH & Co. KG)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
SketchUp 2014 (HKLM-x32\...\{D71C0CA7-A245-4CB7-A958-7DB3377602AE}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM-x32\...\SmartToolsFalz & Lochmarken-Assistentv7.00) (Version: v7.00 - SmartTools Publishing)
SmartTools Publishing • Word Sonderzeichen-Assistent (HKLM-x32\...\SmartToolsSonderzeichen-Assistentv2.00) (Version: v2.00 - SmartTools Publishing)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Softi FreeOCR (HKLM-x32\...\{ABBACAD2-4DAF-490E-932B-E330B33FCF98}) (Version: 2.6.0 - Softi Software)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.5.6 - Sony Ericsson Mobile Communications AB)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.28.138 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TZ-EasyBuch Start  (HKLM-x32\...\TZ-EasyBuch Start) (Version:  - Thomas Zeh)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VCDS PCI 11.11 (HKLM-x32\...\VCDS PCI) (Version: PCI 11.11 - PCI Diagnosetechnik GmbH & Co. KG)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.108.29105 - Vodafone)
vtiger CRM Office Plug-in 5.0.4 (HKLM-x32\...\{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}) (Version:  - )
vtiger CRM Outlook plugin 2.1 (64-bit) (HKLM\...\vtiger CRM Outlook plugin 2.1 (64-bit)) (Version:  - Vtiger)
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wertpapieranalyse 2011 (HKLM-x32\...\{F625701A-E55C-47B4-8FC0-52B4FFE306BB}) (Version: 1.00.0003 - Haufe-Lexware GmbH & Co. KG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP 1.7.1 (HKLM-x32\...\xampp) (Version:  - )
XBRL Tool (HKLM-x32\...\{53A2399A-7ECE-4717-9CD0-1C57FD35BBCA}) (Version: 1.9.0 - ITA Systemhaus GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) (HKLM-x32\...\XMLmind XML Editor_is1) (Version: 4.6.0 - XMLmind)
XMLServiceToolV2 (HKLM-x32\...\{0F72FEF7-6E87-49C5-AB0E-FBAFD0E00EF2}) (Version: 2.0.0 - Bundesanzeiger)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-04-2015 13:47:51 Removed PDF Architect
13-04-2015 11:48:42 Windows-Sicherung
13-04-2015 16:55:42 Removed WD My Cloud
13-04-2015 18:12:30 Installed WD Discovery
13-04-2015 18:19:39 WD SmartWare Installer
16-04-2015 09:15:07 Windows Update
16-04-2015 09:45:53 Installed Sonos Controller.
16-04-2015 11:31:08 Windows Update
19-04-2015 10:21:53 Windows Update
19-04-2015 15:43:56 Windows Update
19-04-2015 19:13:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-19 13:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06283FF5-567C-4E7B-902F-4E7A84945D32} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {08498D11-C830-45A6-80E4-B08EC8116490} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1900BDE0-6E60-458D-9BBD-788CDBC6BE8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1CDAC75A-A1BB-4D04-9630-64A18F451B58} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1D3A14F6-6594-4D40-A055-303C7DBB67DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {41DDAF3D-7352-4F37-8E87-8CB214F157FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {4872684A-CC41-4E96-90EE-23B6B7C308FE} - System32\Tasks\{F6F71C2E-4C20-44B7-9DDD-C0E18F922370} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {529BD07D-ACE0-4638-AA71-CA5A93B28ED8} - System32\Tasks\{4E98F3FB-7896-4058-BD13-823D6945B38F} => pcalua.exe -a "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE\SETUPW2K.EXE" -d "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE"
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {575A5CCE-D922-435E-8CE5-6B9A47BBA28B} - System32\Tasks\{7EE4D7BA-9010-475C-AD3D-4149B76B04A0} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {60AEE8DF-D87A-424E-8D37-F357C03B19B1} - System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC} => pcalua.exe -a C:\Users\kami\Downloads\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\kami\Desktop
Task: {64EE2590-8AD0-4CF8-9776-19F80B91032C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {768DF770-0874-4AAD-901E-3FEA36209A02} - System32\Tasks\{3FB10DA3-D217-4D1D-A771-73D471FA49B1} => pcalua.exe -a G:\BMW-Diagnose\LuPeDi-CD\VMware-player-4.0.1-528992.exe -d G:\BMW-Diagnose\LuPeDi-CD
Task: {76A33DD5-687B-4858-B2A4-EF9C08D5F959} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7B8CFA59-807A-4655-9875-EEDEC70E3777} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7F761247-E1AF-4456-9207-4A11B453F630} - System32\Tasks\{287FC240-3430-4628-A791-173374ACA4CF} => pcalua.exe -a "C:\VAIS GmbH\Equipment\Nikon Coolpix P500\F-P500-V11W.exe" -d "C:\VAIS GmbH\Equipment\Nikon Coolpix P500"
Task: {88A4FA0C-9E4A-4A24-977F-CE990BA1AA65} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CF46AA4-9CC9-4A74-A0F9-0F9E299AA524} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A57C7A01-277D-4D15-A4BA-CA7D721817C4} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {B6886E16-78D2-4BA2-80D7-69A8EB0BF45A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B6C8C5F6-F6C7-45BA-9BFC-AF612B65BE58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {C4A17781-6F9D-4116-8E58-1B051E5EAF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {C720A7E1-77FD-4AEF-9B54-2E57F75F3D47} - System32\Tasks\{CBD9BC13-72E0-4024-900F-DB43F8C2D5BF} => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {E9651246-1E99-43D6-9CC2-835C1554CE73} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E9BD553D-0254-4BBF-9838-026B9A4DD3D6} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {ED2C4FF2-1097-4757-B28C-B590AB00AB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F1174B2C-0522-44F4-ACB9-C9A13ED06D3B} - System32\Tasks\HPCeeScheduleForkami => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {F769D86F-0104-4FE3-9AE9-F4C5A98E43B5} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe [2006-11-08] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForkami.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-23 00:29 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2013-08-23 00:29 - 2006-02-22 10:39 - 00020480 _____ () C:\windows\System32\FritzPort64.dll
2012-07-03 11:51 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2012-07-03 11:53 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-01-11 02:05 - 2012-01-11 02:05 - 00071024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe
2009-03-16 13:29 - 2009-03-16 13:29 - 06562432 _____ () c:\xampp\mysql\bin\mysqld.exe
2009-05-08 16:41 - 2009-05-08 16:41 - 05750784 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
2011-02-03 22:39 - 2010-04-21 10:59 - 00058880 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_x64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00073728 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
2011-02-04 00:36 - 2008-12-02 14:21 - 00041984 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_ex.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-08 19:32 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-09-12 18:02 - 2011-09-12 18:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2015-04-20 18:40 - 2015-04-20 18:40 - 00165376 _____ () C:\Users\kami\Desktop\SystemLook_x64.exe
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () c:\xampp\apache\bin\zlib1.dll
2007-02-04 11:14 - 2007-02-04 11:14 - 00020687 _____ () C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () c:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () c:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () c:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () c:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () c:\xampp\apache\bin\pxlib.dll
2008-01-07 17:47 - 2008-01-07 17:47 - 00721095 _____ () C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00103792 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-01-11 01:57 - 2012-01-11 01:57 - 00071024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00032112 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00054640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00017264 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-01-11 01:50 - 2012-01-11 01:50 - 00832880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-01-11 01:50 - 2012-01-11 01:50 - 00161136 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00075120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00029552 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00083312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00021360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00107888 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00037744 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00021360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00014192 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026480 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010608 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026992 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020336 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00140656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00058736 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011632 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00013680 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00341360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00012656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2010-10-14 06:38 - 2010-10-14 06:38 - 00583168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00271728 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () C:\xampp\apache\bin\zlib1.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () C:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () C:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () C:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () C:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () C:\xampp\apache\bin\pxlib.dll
2009-05-08 16:41 - 2009-05-08 16:41 - 02076672 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\LIBMYSQL.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00168280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2015-04-08 19:32 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2011-02-03 22:39 - 2010-04-21 11:00 - 00058368 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
2015-04-08 19:32 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2015-04-08 19:32 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2011-01-05 15:01 - 2011-01-05 15:01 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2011-02-04 00:36 - 2010-11-19 06:49 - 00781312 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll
2011-02-04 00:36 - 2010-09-30 10:14 - 00055296 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_03.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00012288 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00602624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00355328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00130048 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00136040 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00015360 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00014848 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 01601536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00311296 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00483328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00059904 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00195584 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00573440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00045056 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00005120 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00015872 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kami\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2004 Zahlungserinnerung.lnk => C:\windows\pss\Quicken 2004 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== Accounts: =============================

Administrator (S-1-5-21-2479338598-3314396831-1710804073-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2479338598-3314396831-1710804073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2479338598-3314396831-1710804073-1004 - Limited - Enabled)
Hotel (S-1-5-21-2479338598-3314396831-1710804073-1007 - Limited - Enabled) => C:\Users\Hotel
kami (S-1-5-21-2479338598-3314396831-1710804073-1003 - Administrator - Enabled) => C:\Users\kami
RF (S-1-5-21-2479338598-3314396831-1710804073-1005 - Limited - Enabled) => C:\Users\RF
Sonos (S-1-5-21-2479338598-3314396831-1710804073-1016 - Limited - Enabled)
Vais (S-1-5-21-2479338598-3314396831-1710804073-1006 - Administrator - Enabled) => C:\Users\Vais

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2015 06:34:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/20/2015 06:34:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/20/2015 10:39:19 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/20/2015 09:34:57 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/20/2015 09:34:55 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/20/2015 09:33:52 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/20/2015 09:33:48 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (04/20/2015 07:02:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Wireless Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2015 07:02:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/20/2015 06:59:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/20/2015 06:59:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (04/20/2015 06:59:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (04/20/2015 06:58:46 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{a9fc5730-ef3b-11df-8de1-806e6f6e6963}" können nicht gelesen werden.

Error: (04/20/2015 06:58:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CdaC15BA" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (04/20/2015 06:58:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\windows\SysWow64\drivers\CDAC15BA.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/20/2015 06:58:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎04.‎2015 um 18:48:12 unerwartet heruntergefahren.

Error: (04/20/2015 06:45:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\bcmihvsrv64.dll


Microsoft Office Sessions:
=========================

M-K-D-B 21.04.2015 13:15
Gut gemacht! :applaus:




Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65739FA2-0444-4AB2-B598-872406539EBD}
DeleteKey: HKEY_CURRENT_USER\Software\Cain
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

NoMW! 22.04.2015 18:42
Hallo Matthias,

ein :dankeschoen: auch mal zwischendurch für deine tolle Unterstützung. Ihr hier beim Trojaner-Board scheint das Rote Kreuz für PCs zu sein, mit angeschlossener Reha. Das Trojaner-Board sollte - wenn es noch nicht ist - genauso als gemeinnützig anerkannt werden. Unabhängig davon: Eine Spende meinerseits ist euch sicher.

Das mit ESET hat bei mir elend lang gedauert, weil ich noch eine unaufgeräumte größere USB 2.0 Platte mit einigen Sicherungen dran hatte.

Gruß
Karl

Schritt 1:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by kami at 2015-04-21 14:45:55 Run:2
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65739FA2-0444-4AB2-B598-872406539EBD}
DeleteKey: HKEY_CURRENT_USER\Software\Cain
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\iSafeRKScan
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL =
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
EmptyTemp:
end
*****************

Processes closed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65739FA2-0444-4AB2-B598-872406539EBD} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Cain => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Cain => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\iSafeRKScan => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\iSafeRKScan => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\iSafeRKScan => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\iSafeRKScan => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot => Key Deleted Successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{32361cec-8645-4eea-a02e-406794b05835} => value deleted successfully.
"HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BCB17D6-B352-4483-809A-DE0B5CD02F8F}" => Key deleted successfully.
HKCR\CLSID\{0BCB17D6-B352-4483-809A-DE0B5CD02F8F} => Key not found.
"HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}" => Key deleted successfully.
HKCR\CLSID\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} => Key not found.
"HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}" => Key deleted successfully.
HKCR\CLSID\{85A60A59-D3D8-468F-B598-FB4393789EF4} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F75C495F-1484-4C60-AF41-CB80528A9C41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F75C495F-1484-4C60-AF41-CB80528A9C41}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD831500-7CCF-4C8A-B6EE-42468807CDEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E027C661-49DA-4A77-9278-0DBAA1B3D060}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E027C661-49DA-4A77-9278-0DBAA1B3D060}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFFFD4B8-026B-46E1-967C-E0B39FB0F775}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFFFD4B8-026B-46E1-967C-E0B39FB0F775}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C58C3221-9713-4F19-923F-50E5674D7145}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C58C3221-9713-4F19-923F-50E5674D7145}" => Key deleted successfully.
C:\Windows\System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74EF2365-0D63-4583-9BCC-2FD89228B725}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8EE803A-E92F-43C6-A773-8374447A3E11}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8EE803A-E92F-43C6-A773-8374447A3E11}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F2BF6C1-C062-480F-84CD-9A531DDBA372}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53BD8261-DF20-4254-A0A5-09F7295623AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53BD8261-DF20-4254-A0A5-09F7295623AB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{405953F1-54EC-4820-B1B7-CB52898624C4}" => Key deleted successfully.
EmptyTemp: => Removed 57.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:46:14 ====
Schritt 2:

Code:

       
Code:

       
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : BETA
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Beta\kami
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (16 days left)

   Scan date . . . . . . : 2015-04-21 15:13:29
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 57s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 3.481.259
   Files scanned . . . . : 142.147
   Remnants scanned  . . : 797.011 files / 2.542.101 keys

Suspicious files ____________________________________________________________

   C:\Users\kami\Desktop\FRST-OlderVersion\FRST64.exe -> Deleted
      Size . . . . . . . : 2.098.176 bytes
      Age  . . . . . . . : 4.1 days (2015-04-17 13:03:50)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 4C4C9D8553A42A06AE56771FEDC72909028A0F98B3CB94C7159406D408831E81
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\kami\Desktop\FRST64.exe -> Deleted
      Size . . . . . . . : 2.099.712 bytes
      Age  . . . . . . . : 0.8 days (2015-04-20 19:20:48)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 7E78DC8EBC5FDD3AFB5AE900C97DD6B12F4E9F3DA0A8129136B1CF6A4B2F4258
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\kami\Desktop\FRST64.exe

   C:\windows\PEV.exe -> Deleted
      Size . . . . . . . : 256.000 bytes
      Age  . . . . . . . : 2.1 days (2015-04-19 13:12:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.0s C:\Windows\SWXCACLS.exe
         -0.0s C:\Windows\SWSC.exe
         -0.0s C:\Windows\sed.exe
         -0.0s C:\Windows\grep.exe
          0.0s C:\Windows\zip.exe
          0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.0s C:\Windows\NIRCMD.exe
          0.0s C:\Windows\MBR.exe

Schritt 3:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=117593ae8aec31418ebb5f7ed8b566e2
# engine=23489
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-22 04:54:28
# local_time=2015-04-22 06:54:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10823907 181351518 0 0
# scanned=915185
# found=303
# cleaned=0
# scan_time=11135
sh=D827374F0C4DF83C94B7CD4EF1ECE1AC0C54D2D0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\prefs_30_12_2013_15_02_47.js"
sh=7BB20AC45D08CB5C55227E135926BF6A8E24CCD1 ft=1 fh=c71c0011ab9c36b1 vn="Variante von Win32/Toolbar.Widgi.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Application Updater\ApplicationUpdater.exe.vir"
sh=0A6E10101490CEEE36675A126B1D174B598B3DD7 ft=1 fh=e1e90acff543cf54 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe.vir"
sh=D695024CA664875D76FF113227F5E02CDA3DA5CA ft=1 fh=3ff7987e266f0095 vn="Variante von Win32/Toolbar.Widgi.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth156.dll.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir"
sh=0E7CC420B0BE38296EF8516DC3786361119F1F5F ft=1 fh=02f58beb2edcfbd2 vn="Win32/AlteredSoftware.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir"
sh=A565AA91F7873179776579995E9F4D2B2894AE5A ft=1 fh=22e3a81795d8fb05 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir"
sh=F1A0D0D29F924A24AF0F0521CF6F9A9150A10ECC ft=1 fh=22e3a817befc6b5a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir"
sh=7FA369CC6AF80F935BF91646DCC78E5F746C2CE4 ft=1 fh=c71c001192caf50d vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir"
sh=B6DA5C749731CC1EFE7B2BB44BDD7903633FF7B8 ft=1 fh=d9cdf1c8ff17595a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir"
sh=E66ACE4EECF64CCE06DAB2D2AC00AA48774C4B1E ft=1 fh=c71c0011fea7552e vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir"
sh=EDB4A6C7E75E18ACB805418EFFD78267BB2F37C4 ft=1 fh=c71c001126306ac8 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir"
sh=399CE73FBD27EABB303FD899656E3C66C55B3F29 ft=1 fh=c71c001160921a34 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir"
sh=0DE5228B403818F458B529030DB7AF8A8061B51B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.crx.vir"
sh=FF6BC3677CA016DC8FB14A2C55E7467D3A3F7786 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.xpi.vir"
sh=6CD41058A3412560E84C538C949495B62B8519D2 ft=1 fh=b1a9056766617585 vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.dll.vir"
sh=CEC310EAC0609E14C9B7A401C43CC4E83EB8E895 ft=1 fh=909e3c95a9618581 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.dll.vir"
sh=ACF792CD728AD82E0485D34C1AEDDC671B890F0B ft=1 fh=e3f99c88359ee627 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.exe.vir"
sh=8A8D2570688B54F723940B3F25F062E7E7D6E5EE ft=1 fh=1abb1776bde34dfc vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-helper.exe.vir"
sh=B1AF27E2E23D79BA3FB64CE7AC9C857958D55EFE ft=1 fh=d91bac5411f30a30 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.8.11\escortShld.dll.vir"
sh=F3C7D5B97CB26BF522F3CE206F33D797FFA8C260 ft=1 fh=2661696cb9f56ecd vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicApp.dll.vir"
sh=89EB24013DCF2133275255BB2F81F98B03550EF7 ft=1 fh=4a4a0a9bf83f3203 vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicEng.dll.vir"
sh=D62E233A07592656A3D079F0645BD78066885EE6 ft=1 fh=585b888d0e42175d vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.8.11\Softonicsrv.exe.vir"
sh=382781AA3BFCD3CACBDFF7AC79B49B478ED8F305 ft=1 fh=fe145f1b467e9f4a vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicTlbr.dll.vir"
sh=BBEE924F127750C4EE2523ED51ADE2FEC6C6CE6D ft=1 fh=1780d52cf6676734 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.8.11\uninstall.exe.vir"
sh=4DDC84FD53C9FCF4A44F5CE98F378A4139DCEE5D ft=1 fh=c32dd10fa312e8d9 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.8.11\bh\Softonic.dll.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3311336\UninstallerUI.exe.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3311336\UninstallerUI.exe.vir"
sh=F50A3CB8382FD15DB7527261B9E9D7D24A032876 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e1uuzfq8.default\Extensions\webbooster@iminent.com.xpi.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hotel\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=F50A3CB8382FD15DB7527261B9E9D7D24A032876 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hotel\AppData\Roaming\Mozilla\Firefox\Profiles\ztvea2do.default\Extensions\webbooster@iminent.com.xpi.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\102_dealply_m.js.vir"
sh=91A6607DBD508E202138D84D346DE82921F06C9B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\108_icm_m.js.vir"
sh=5C5A008E55F177D6F69D40492574390E4EADCF7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=2CAA8A9B9F1D7D41CAD7CD1DE9C253EF4411A15E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\120_luck_m.js.vir"
sh=4E356A3537E9A4B3814169EBE549D1C2AB3EC78F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\92_superfish_m.js.vir"
sh=9200578E0A1027E0EE00111B9545601BC953C1A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.23.19_0\js\lib\crossriderAPI.js.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Local\NativeMessaging\CT3311336\1_0_0_6\TBMessagingHost.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=671E3E4E9E4C9A039D9AD1479A0C91E670AF18E3 ft=1 fh=d643e79c9fb8f862 vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js.vir"
sh=464E61CE0A166C746C8BE32F8BD662B0EDF79938 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=35CE3B76158991DDEA79CAF0C1F826A7EE18A820 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js.vir"
sh=E106EF12FBA54AD37717391E3A2A8B7416B0A30E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=97C406784CD0DEA751BE4E02EB82633F1F88CA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=220B01F705C009D135199A26C85EB536B16C9D6E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=C9A8D5AE55FA65E00EE75767C5D2E9B56041858D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=24E6E5A06D24A5CC24C0B705FDB089FD4FEC70AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=8D569DDCE3A3E2CB97D920A1744F1AE16C2CE3B3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\189_active_sanity.js.vir"
sh=6B3C17F9D4BD40BFCF87831196C40DBA3C4DB14C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir"
sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=73E3DE6407B972684132A0542884E6109B387FFE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=015610EAC64BCDD618DFF268CFFD98B0AF5AC528 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=0A113BDC19C5B96609992E6C9D972B814B918109 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\197_kreapixel_pops_m.js.vir"
sh=FBB7D706F207407D497E9D92FFAEB182CCDEECC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\1_base.js.vir"
sh=61DB672F16D1D9053F6B8D591E51C53BA3165770 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\200_foxydeal_m.js.vir"
sh=392B3EB529AF22E57C2AC4076E7702176010694C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\204_pricedetect_m.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\21_debug.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\28_initializer.js.vir"
sh=81ECD53ECC5EB6E17063A90F3EB31526347E730F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\uyv395xs.default-1346195518540\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=CC41CADBBD6BA6ED0BFDD17798B4C9F94D7955E0 ft=1 fh=e26a6656a404b558 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\OpenCandy\079071788496476F978234229E30DFC3\DeltaTB.exe.vir"
sh=92962813AB03375D06DEEC70F8B145DFD7444489 ft=1 fh=be60b5ebbf004ae2 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\OpenCandy\2F12D016F97C4271BDEF51D3DE7A6470\speedupmypcDE.exe.vir"
sh=0E1262C60A4DB2AE629F292A6F8002A5E6F4CC0B ft=1 fh=e7d8d7353d9a3d98 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\OpenCandy\614B47566FA6428BB8D35751D99C067D\LinkuryInstaller_p1v16.exe.vir"
sh=7D78D025C1375B3B8F20EF9B4F3366F533F79FBE ft=1 fh=02b5d1a3a7849f5e vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\OpenCandy\CD39BE4F3D0A436AA924F9D634B4AB4A\LinkuryYAHOO_RBCB_p3v9.exe.vir"
sh=E035DE874BDBD35FE0EDD96302B2C980255C1498 ft=1 fh=a6e973434b7a08bb vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kami\AppData\Roaming\RHEng\DAE14C63A15B41BF8BC3211003B6ADCC\setupS_p2v0.exe.vir"
sh=F50A3CB8382FD15DB7527261B9E9D7D24A032876 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\RF\AppData\Roaming\Mozilla\Firefox\Profiles\w15ahy2w.default\Extensions\webbooster@iminent.com.xpi.vir"
sh=0FD7F3F732BFBD0956BB319E25F361E2AE6D8F12 ft=1 fh=a33b31cb5f52c3c7 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir"
sh=326DDCDC1D34295C49B4D2FF70218852D3DE8285 ft=1 fh=47f60d3b054efe7a vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\drivers\iSafeKrnlBoot.sys.vir"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\drivers\iSafeNetFilter.sys.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\drivers\netfilter64.sys.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Hotel\AppData\LocalLow\Winload\tbWinl.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\AppData\LocalLow\Winload\tbWinl.dll"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p"
sh=6C80AC03C05EE6951308BCCF4A4E5CE6B1DA950B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js"
sh=50CCCAC1245B5A771D2C7402A0ED3A9EE8260C57 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js"
sh=B6416189314997F40D8AFACBEE26FDAF2E1BFBF5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\1.js"
sh=D88BC1DC06D849820DF1C3783159BE2E5424E5F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\190.js"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\21.js"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\28.js"
sh=50734BE26157FCF2996922F76B9AF0A0088EFD2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\91.js"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\default_adapter.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar_002.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar_003.js"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\default_adapter.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar_002.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar_003.js"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\LTplusCAD\LTTools\PDFCreator\PDFCreator.exe"
sh=EE475F3C3598C34938335A65E14B366BF706749E ft=1 fh=36a8d984508d8c97 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\SW-Downloads\LTplus\Setup_Installation.exe"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\default_adapter.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\minibar.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\minibar_002.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\minibar_003.js"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hotel\AppData\LocalLow\Winload\tbWinl.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\AppData\LocalLow\Winload\tbWinl.dll"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p"
sh=6C80AC03C05EE6951308BCCF4A4E5CE6B1DA950B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js"
sh=50CCCAC1245B5A771D2C7402A0ED3A9EE8260C57 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js"
sh=B6416189314997F40D8AFACBEE26FDAF2E1BFBF5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\1.js"
sh=D88BC1DC06D849820DF1C3783159BE2E5424E5F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\190.js"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\21.js"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\28.js"
sh=50734BE26157FCF2996922F76B9AF0A0088EFD2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\91.js"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\default_adapter.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar_002.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar_003.js"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\default_adapter.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar_002.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kami\Documents\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar_003.js"
sh=FF273D0017363755214FA5CD888C2C2D54721700 ft=1 fh=0089eae0191970f8 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll"
sh=A70EFAB5F2D2D83AD2B7E0304169C73F6D0EC700 ft=1 fh=011924ad9c4ebdbf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=F966F534D43FAFF4C5993B8ED2252AB726E07990 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Landkarten\Baden-Württemberg\Firefox-Backup_131022.fbk"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\default_adapter.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar_002.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel und Netzwerkkabel  Wellenwiderstand (Impedanz) der Doppeladern-Dateien\minibar_003.js"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\default_adapter.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar_002.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\Immobilien\Projekte\Dheim_Hh7\OG-Büro\Elektro-Ausrüstung\RJ45-Kabel\Telefonkabel – Wikipedia-Dateien\minibar_003.js"
sh=EE475F3C3598C34938335A65E14B366BF706749E ft=1 fh=36a8d984508d8c97 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="G:\SW-Downloads\LTplus\Setup_Installation.exe"
sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\default_adapter.js"
sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\minibar.js"
sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\minibar_002.js"
sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\SW-Downloads\Windows-Tools\HijackThis\HijackThis Logfileauswertung-Dateien\minibar_003.js"
sh=FD819637BA31AE25F7F34FF865535FB1BC135549 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 11.zip"
sh=0029D8DF29A83754875289235D3FA7EEB5725A14 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 28.zip"
sh=BA97C92D98B9AF1001987B6EC0058590943558AD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 29.zip"
sh=2BDEA9516BB7EA9A77480E007010F673DA70303A ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 30.zip"
sh=EF2E11102A83F5876B4C992294900BD70034236A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 32.zip"
sh=B1D206641CD77BDCEA5C1D543AB46B2A5162ABF7 ft=0 fh=0000000000000000 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 34.zip"
sh=548EB45BA5D46DCDDD91EB1696976E256D2FD902 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 36.zip"
sh=EF686FFF20F1DB3B0ABF8BAB8EA45BD46497DFA6 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 37.zip"
sh=FD91F97FEB08010C854D2CBA99A272511DE962D4 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 38.zip"
sh=EF9FD2B4557623789152BAA2CD540A7F67139938 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-15 190002\Backup files 39.zip"
sh=F2FDBFA5B6D2F2EE07AC779559A5C54767EE3186 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-22 190007\Backup files 1.zip"
sh=3454D122ECCA7B271D2F3D753F8D25D726843F92 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2013-12-29 190015\Backup files 1.zip"
sh=5B8BC6D090B94822DD7AE360301DCEA144539EEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2014-01-06 110117\Backup files 1.zip"
sh=B8EC6E364199371235C9FFC6FDD16661EC99CF0D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2014-01-13 131207\Backup files 1.zip"
sh=78AFEBD9CF972E45C231D120C9D86450DEDBB0D5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2013-12-15 190002\Backup Files 2014-01-20 095318\Backup files 1.zip"
sh=3649153E83C5802B0BB73D886F9D5FA6975663E9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 11.zip"
sh=F32C0BDB8B167970899F34F1E34AA6AD7F23905D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 30.zip"
sh=E2CA99938D865AD6AE2D464AC77483E1409C952D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 34.zip"
sh=4756AE894E4BA453255F95FA8AB5F30F57E2E32A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 35.zip"
sh=CFE3FE5F3339F65B0128DA579FFE43F3E7C1327D ft=0 fh=0000000000000000 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 37.zip"
sh=A2FE0CD7032D940354A497B852EF990A9FA76A53 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 40.zip"
sh=5B7782F1A52D631C62B0502710827B76560220DC ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 41.zip"
sh=7067585FDC2ED93EA193EB906D4C0A3F72EC117D ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 42.zip"
sh=B3ED0F7994F273A75C35EF08856CD4B41C599BA0 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-01-27 110646\Backup files 43.zip"
sh=87A4259CDE9042D2057BE34596A0D28D33178908 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-02-03 113804\Backup files 2.zip"
sh=B8D9ED7C9DBE41505D6E82606FC6CAE847DF1FB9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-02-10 104241\Backup files 1.zip"
sh=BEE3D43DC5C0342743644344FF409DACC9AE5F75 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-02-16 190004\Backup files 1.zip"
sh=2615E84D2A206FB0E90A4319EC78D1A6D03D5CD1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-02-23 190007\Backup files 1.zip"
sh=3CAD365D55246AE072F871258ACF3F8242A5D3BF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-03-10 095805\Backup files 1.zip"
sh=6279C677233266042DED52F0F0310DAC3E9D5798 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-03-17 100810\Backup files 1.zip"
sh=BAAB38E52793E9DD18E025E1946A3B535493A167 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-03-24 114819\Backup files 1.zip"
sh=B92E777BBE2C77E4D698D7ADF901A24EEC0AF61F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-03-31 095917\Backup files 1.zip"
sh=4B0ECC3E6560916E60748349D1339AC039DE8631 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-04-06 190013\Backup files 1.zip"
sh=5DE90B6B3E1C6FD1F0BF3C333F65B12EB1E55316 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-04-28 115350\Backup files 1.zip"
sh=67AFF31D69D2BF527737372E7CEEAA0E28A64716 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-04-28 115350\Backup files 3.zip"
sh=79C2683B42845FDD33AA14363032E4C80A2446B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-05-05 100154\Backup files 1.zip"
sh=AA5055886A6505B31A2CC002F91FD8AA4A58B1EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-06-02 093609\Backup files 1.zip"
sh=370DF0B7452B63EF3C3ABAECB644A83AEF1AB65B ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-01-27 110646\Backup Files 2014-06-02 093609\Backup files 4.zip"
sh=DE7C9CDD61E7D2A388D7D8288069B5152F4EBBA2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 12.zip"
sh=7E8BC3CF7A553CA4CADB22A15EA05E84C70C2295 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 35.zip"
sh=A23C9B55D60FA812ED20931C3C14CE9D6267110A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 36.zip"
sh=6E50039EC33AA2DA163C3DDB755076E0A91F247E ft=0 fh=0000000000000000 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 39.zip"
sh=5A4FB3A8182C11CB4D3EB1E986CD6DC91F465144 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 42.zip"
sh=042DEE9FD0BD431863D3388C1D2F0B2EDCD2C868 ft=0 fh=0000000000000000 vn="Variante von Win32/FirseriaInstaller.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 43.zip"
sh=B1643F7BE0E14257BB6484FA2AAF39D0B72C2B04 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 44.zip"
sh=C0F09F39132FD18BCA7085691D3D8ABB3D3493E1 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 45.zip"
sh=65F6B212B6604CED1D3F9447A8D3ED78A69D3E56 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-06-15 190003\Backup files 46.zip"
sh=FAB7D4D662E029B5F32F988DD2AF9DDBD484F270 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 12.zip"
sh=6FF9845F8FE1DC6669488BACB788193BD1235975 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 35.zip"
sh=782DBEB775F445D0EE3B2D4F6A14E0EA8B82F2FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 36.zip"
sh=4203E72C286C708F895908C839252460DB16CA08 ft=0 fh=0000000000000000 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 39.zip"
sh=BCB96F162E34763125AA8028730D789385D7625D ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 42.zip"
sh=2CEE7EF22A1D87A40E26C1364B7F005F0C683509 ft=0 fh=0000000000000000 vn="Variante von Win32/FirseriaInstaller.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 43.zip"
sh=BD3EA0FA3DE89BEA9B496140FF0BC2FFCA300C4B ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 44.zip"
sh=B76D92A253C810B00726D8FC9AC076E3282822A9 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 45.zip"
sh=B10F7F6A0E8B0A94AD7E459F0A564153FEAF8D13 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-07-20 192431\Backup files 46.zip"
sh=14EE85CB4B4CC3E73143FB5697718ECDF879B27F ft=0 fh=0000000000000000 vn="Win32/WinloadSDA.F evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-07-20 192431\Backup Files 2014-08-18 113437\Backup files 1.zip"
sh=74F2E5394884D37C14A5D4031BF16F9A09025924 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 12.zip"
sh=A80C5938AC460D44B83C2B0B862F2E8040BD043D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 35.zip"
sh=518FE4344EE78834A3D499D3D19C0027FD5D5A8D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 36.zip"
sh=9F94C9857FF2580A80319B321481C48FE0EC8C45 ft=0 fh=0000000000000000 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 39.zip"
sh=EAD60A98D35082C3A7BFC828EB063BFD5E6EA154 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 42.zip"
sh=F8268EC177E0C89AF3DA5B20E548672993B0C7B5 ft=0 fh=0000000000000000 vn="Variante von Win32/FirseriaInstaller.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 43.zip"
sh=4ED968A631789BC0AD7AC7D97617CA139B0F7AC1 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 44.zip"
sh=B265296F24A9EE6F6471956F8E6378BC560135BF ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 45.zip"
sh=88DA95D448AD6400F709816C0FE3BC9BDA9BF5CC ft=0 fh=0000000000000000 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 46.zip"
sh=B7EBA406FFE8F372C05C3BC9D55B2F2A1572BB91 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-08-19 131229\Backup files 47.zip"
sh=72618E1F5CDE4B385EA0C17E7CBC21795C8FB860 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-08-19 131229\Backup Files 2014-09-22 102504\Backup files 2.zip"
sh=4DFADCF48F394D79255C2B0B6DF3AFB38703F022 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 13.zip"
sh=EB75C1F8D1EC311E583E06A93D28BC92DB9C500A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 38.zip"
sh=F1662EF00CAAF2B68CD2FAD64010A0D10E4B243C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 39.zip"
sh=C0E4D18DA0DB7BFDFD6C67E6889772188FEB0454 ft=0 fh=0000000000000000 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 42.zip"
sh=A8E1D921205D7F7D03BAD276D91564B8A7C4A11D ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 44.zip"
sh=ACD0AC14BC89DDCEA2F0BC33FB6923395A7517D6 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 46.zip"
sh=D4BAE1C502FA25410752983E49B43CB5F4F75EF6 ft=0 fh=0000000000000000 vn="Variante von Win32/FirseriaInstaller.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 47.zip"
sh=7AE17FB4403E84E10BE25644978B49A2632FA129 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 48.zip"
sh=E16DCC595F2B4B9822F9C9A8E600913FAFBA7E4A ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 49.zip"
sh=64EB7718D9208554EA4AB2F0B762D33869D93F7C ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-11-17 173242\Backup files 51.zip"
sh=E2BC507096FF536E8DCAE5C2EBE37B93E2900563 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2014-12-14 190012\Backup files 1.zip"
sh=0F57DB54B3B08F8BEC031C5092195B3B68DAB370 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2015-01-11 190003\Backup files 5.zip"
sh=BEA749CFF7665DACA39FBAE6C184D19067ECEDFC ft=0 fh=0000000000000000 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2014-11-17 173242\Backup Files 2015-01-26 185714\Backup files 6.zip"
sh=E54CD8344477815D1EF922D22527C9A558CE77EF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 9.zip"
sh=C75A3A5B977C3D92F4D19B1D25DCFE3A8BB96710 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 31.zip"
sh=996FE322EA95B4C05184E9DF22FE3FE3770DFD9B ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 38.zip"
sh=934D028FBA1E2DD6B8080D27E3F2458B67C50F6A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 39.zip"
sh=62396181F527773632C41AC1169324125EAD1156 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 42.zip"
sh=4630802FC83B2CAE2D56AF577D1742686FBFA73F ft=0 fh=0000000000000000 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 44.zip"
sh=3FD6D3B603460F9DA4A76044C75584F7E52E8B65 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 47.zip"
sh=5624F1155D9C6A5FA63E20AE5C9330BDCBC9C831 ft=0 fh=0000000000000000 vn="Variante von Win32/FirseriaInstaller.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 48.zip"
sh=85AB34AB9C640641CE0468E5ADB7A711B6B819A3 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 49.zip"
sh=4B79054EFF9E0996C19CBE81DE5CCA2119B9859A ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 50.zip"
sh=DFCA9E679D983603AF90D1A46392DA984496A35F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-02-08 191346\Backup Files 2015-02-15 190003\Backup files 52.zip"
sh=061E43514DA561169A9072CB040610062FDC31C7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-04-06 112420\Backup Files 2015-04-06 112420\Backup files 14.zip"
sh=9B559F6B0B4080B5A584C5CA252DFBD3C20ED7EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-04-06 112420\Backup Files 2015-04-13 114702\Backup files 19.zip"
sh=ACFC21C03473EE3ABAB2B6F4BA36879C18019DA4 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-04-06 112420\Backup Files 2015-04-13 114702\Backup files 27.zip"
sh=4B48679F768E023A9053D5926278AFBFDC382FAE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-04-06 112420\Backup Files 2015-04-13 114702\Backup files 28.zip"
sh=762D36A2C9727323B85C9A813AD88B7FC723EE8C ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\BETA\Backup Set 2015-04-06 112420\Backup Files 2015-04-13 114702\Backup files 31.zip"
sh=51DC0A93EE2E3D53C9EE6CBF6A4A8FD1A54CB52C ft=1 fh=1f9fa631af1a86f2 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="H:\Backup4Beta\kami\Downloads\HC2Setup.exe"
sh=737D6C038C1FADA9205604512A280B44D44F9476 ft=1 fh=f041af2c67239a3b vn="Win32/SchwarzeSonne.AB.Gen Trojaner" ac=I fn="H:\Backup4Beta\kami\Downloads\kps-homeplanner-2009-2-op.exe"
sh=A7990C81F602C5C6598F6BD58C2D246C2D5833D2 ft=1 fh=51d7c47f7ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\Backup4Beta\kami\Downloads\SoftonicDownloader_fuer_ie-snapshot(2).exe"
sh=A7990C81F602C5C6598F6BD58C2D246C2D5833D2 ft=1 fh=51d7c47f7ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\Backup4Beta\kami\Downloads\SoftonicDownloader_fuer_ie-snapshot.exe"
sh=A02098B9A90B63A1926FEED4CFB7A4978DDC8923 ft=1 fh=775ed238a3ad48de vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="H:\Backup4Beta\kami\Downloads\SweetImSetup.exe"
sh=E6C22311B0C5F702B16D7CAD26855F8017A69B36 ft=0 fh=0000000000000000 vn="Win32/SchwarzeSonne.AB.Gen Trojaner" ac=I fn="H:\BETA\Backup Set 2011-10-18 161232\Backup Files 2011-10-18 161232\Backup files 18.zip"
sh=995EFB6A2CE36B0359E030A81D81A5FA30A31F54 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-10-18 161232\Backup Files 2011-10-18 161232\Backup files 2.zip"
sh=BF649D30748BBD6E0C037C8958F742B1F88FE017 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-10-18 161232\Backup Files 2011-10-18 161232\Backup files 3.zip"
sh=6D84A5C5BD5F27F91B1A419AADEA00B4DA87FF00 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-10-18 161232\Backup Files 2011-10-18 161232\Backup files 5.zip"
sh=5D7410E31E820EA5C910E2F99A06B914E2FAE59F ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-10-18 161232\Backup Files 2011-10-18 161232\Backup files 6.zip"
sh=197FCBD04E511FBF83F5E512B183706C6F565F4E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-10-18 161232\Backup Files 2011-11-13 190005\Backup files 1.zip"
sh=7508DFC98E3BDBE756A973AAB678DFA727256C90 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-11-21 092950\Backup files 2.zip"
sh=F14DC8E6FF126FFD34E66E756B1337EE4BC534CC ft=0 fh=0000000000000000 vn="Win32/SchwarzeSonne.AB.Gen Trojaner" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-11-21 092950\Backup files 22.zip"
sh=B418B17732F284AC7EF9355D4B601B04CC20D92E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-11-21 092950\Backup files 3.zip"
sh=D906EC70C3DD3D10794FB996BFA7FEAE1A27E125 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-11-21 092950\Backup files 5.zip"
sh=3639198ACC5B91A1CF2F4B471AFD9610A50F83CA ft=0 fh=0000000000000000 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-11-21 092950\Backup files 6.zip"
sh=0F2D73DC9A31859F0B41E728BA3D53BBBE539119 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-11-21 092950\Backup files 7.zip"
sh=19412BADBEE25D3664DE073D333EB110C84BB9AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-12-11 190000\Backup files 1.zip"
sh=8B0C664D521F5ECAAE6F553E4E4B94042A5E99C9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-11-21 092950\Backup Files 2011-12-11 190000\Backup files 2.zip"
sh=BB84FB5B756824C871988127FA1FC5DC357835DA ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-12-26 110520\Backup Files 2011-12-26 110520\Backup files 10.zip"
sh=37DCB24BD47E6A5FFE59B4CA67747E132FFE7A89 ft=0 fh=0000000000000000 vn="Win32/SchwarzeSonne.AB.Gen Trojaner" ac=I fn="H:\BETA\Backup Set 2011-12-26 110520\Backup Files 2011-12-26 110520\Backup files 26.zip"
sh=B6C86A53EBA37C4EC6CB47D3A2BEACF96561AE77 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-12-26 110520\Backup Files 2011-12-26 110520\Backup files 3.zip"
sh=4AF7AFE7C80ABCD0B07A9858D1C4398C3D2CE130 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-12-26 110520\Backup Files 2011-12-26 110520\Backup files 4.zip"
sh=0C821046128EC04F0D6F2F7A7DAB076B7A591996 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-12-26 110520\Backup Files 2011-12-26 110520\Backup files 7.zip"
sh=AE6BB6384D3B21EA25CFC20620D6B887E074F186 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-12-26 110520\Backup Files 2011-12-26 110520\Backup files 8.zip"
sh=6757851133331C0D51D287E848FA0CF49AF6B3E4 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2011-12-26 110520\Backup Files 2011-12-26 110520\Backup files 9.zip"
sh=849B2F060FC5D98D60594CA6284BC63FC398FD70 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2012-01-22 190004\Backup Files 2012-01-22 190004\Backup files 3.zip"
sh=42904D5AB683DB1A76F488A0159E759960A46E8B ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2012-01-22 190004\Backup Files 2012-01-22 190004\Backup files 4.zip"
sh=C7AFCC12F481E664C07561629198203D48B7AEAD ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="H:\BETA\Backup Set 2012-01-22 190004\Backup Files 2012-01-22 190004\Backup files 6.zip"
sh=430BE6E8DCFC7B19E2DB48E4BBECB8209A1BEF96 ft=1 fh=b6ec410fd8ebb48c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\Downloads\Firefox\SoftonicDownloader_fuer_recuva.exe"
sh=44423BF6F9328E8F620ACF77ECDA43E207A22F74 ft=1 fh=6f824eb7d8ebb48c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\Downloads\Firefox\SoftonicDownloader_fuer_testdisk.exe"
sh=430BE6E8DCFC7B19E2DB48E4BBECB8209A1BEF96 ft=1 fh=b6ec410fd8ebb48c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\Tools\Datenrettung\SoftonicDownloader_fuer_recuva.exe"
sh=44423BF6F9328E8F620ACF77ECDA43E207A22F74 ft=1 fh=6f824eb7d8ebb48c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\Tools\Datenrettung\SoftonicDownloader_fuer_testdisk.exe"
Schritt 4:

Code:
Results of screen317's Security Check version 1.00 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
McAfee Anti-Virus und Anti-Spyware 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities Language Pack (de-DE)
 Java 8 Update 45 
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox (37.0.2)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 23.04.2015 15:14
Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
C:\Documents and Settings\Hotel\AppData\LocalLow\Winload
C:\Documents and Settings\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com
C:\SW-Downloads\LTplus\Setup_Installation.exe
C:\Users\Hotel\AppData\LocalLow\Winload
C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js
C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js
C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!


Außerdem bitte die Backup-Ordner unter G:\BETA\ und H:\Beta\ per Hand löschen, da ist noch lauter Adware drauf!!!






Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
   


Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

NoMW! 23.04.2015 19:56
Hallo Matthias,

schön das du dich wieder meiner annimmst. Hier zunächst die Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01
Ran by kami at 2015-04-23 16:24:10 Run:3
Running from C:\Users\kami\Desktop
Loaded Profiles: kami & RF & Vais & Hotel & Administrator (Available profiles: kami & RF & Vais & Hotel & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Documents and Settings\Hotel\AppData\LocalLow\Winload
C:\Documents and Settings\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com
C:\SW-Downloads\LTplus\Setup_Installation.exe
C:\Users\Hotel\AppData\LocalLow\Winload
C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js
C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js
C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Documents and Settings\Hotel\AppData\LocalLow\Winload => Moved successfully.
C:\Documents and Settings\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p => Moved successfully.
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js => Moved successfully.
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js => Moved successfully.
C:\Documents and Settings\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com => Moved successfully.
C:\SW-Downloads\LTplus\Setup_Installation.exe => Moved successfully.
"C:\Users\Hotel\AppData\LocalLow\Winload" => File/Directory not found.
"C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p" => File/Directory not found.
"C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs-1.js" => File/Directory not found.
"C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\prefs.js" => File/Directory not found.
"C:\Users\kami\Desktop\Alte Firefox-Daten\uyv395xs.default-1346195518540\extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com" => File/Directory not found.
EmptyTemp: => Removed 83.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:24:36 ====
Hallo Matthias,

bei mir scheint jetzt alles in Ordnung zu sein:taenzer:. Ich bin sehr, sehr froh, dass diese nervigen Attacken dank deiner ausgezeichneten Hilfe ein Ende haben. Deine Empfehlungen habe ich umgesetzt. Du und deine Mitstreiter sind Gold wert. Ab jetzt seid ihr für mich eine der absolut wichtigsten Adressen im Internet :daumenhoc. Die Spende ist schon überwiesen.

Herzliche Grüße
Karl

M-K-D-B 23.04.2015 20:52
Ich bin froh, dass wir helfen konnten :abklatsch:
Vielen Dank für die Spende!

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:36 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130