Liebes Trojaner-Board-Team,

seit einigen Tagen bekomme ich nach dem Systemstart nach einigen Suchabfragen in Google Chrome (bislang nur darin) Redirects auf eine Werbeseite mit einer Captcha-Abfrage.

Hier einige Merkmale:

• Schafft man es auf die Original-Google-Seite zu gehen und sucht dort im Suchfeld tritt der Fehler nicht auf
• Manchmal wird man von dort automatisch auf die Adresszeile umgeleitet, dort tritt der Fehler dann auf
• Beginnt man in der Adresszeile eine Suche mit google wird scheinbar unweigerlich ein Plugin geladen, das vor dem Textfeld einen zusätzlichen Block mit Label einblendet. Ist dieses sichtbar und tätigt man eine Suche tritt der Fehler auf
• Der Fehler tritt nach Systemstart und einigen Suchanfragen mehr oder weniger willkürlich auf (zwischen 10 und 50 Suchanfragen nötig)
• Der Fehler tritt bei allen Benutzern des Systems auf
• Der Fehler tritt nur in Google Chrome auf, in anderen Browsern konnte ich ihn bislang nicht produzieren

Kleine Bemerkung vorab: ich habe den Benutzernamen durch "X__USERNAME__X" und den Computernamen durch "X__MACHINENAME__X" ersetzt. Sollte dies durch unbeabsichtigtes Umbenennen von Pfaden die Analyse an irgendeiner Stelle behindern bitte kurze Info.
Folgende Logs habe ich anzubieten:


MBAM ohne Funde

Code: Alles auswählenAufklappen

ATTFilter

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:02:37.443308+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="1836cd21-f07f-4b5d-adbe-a6069940b11b" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:02:37.458908+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="cf2ccf22-b76d-42c1-9532-50e0b8b1ab07" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:02:37.521308+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="9a510e48-d76c-49da-abce-b754ff6d7a7e" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:02:42.435317+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="196e4d97-a4b5-4ea1-a2b5-97a16c181b7a" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:23:56.183492+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="555d935e-c4f2-4c27-8bed-3306bd50b8d1" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:23:56.193492+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="b2e13eff-a547-4179-90af-47e201fff055" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:23:56.223492+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="300e8a89-ee9f-4dd9-b217-494e3555add2" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T02:24:52.023569+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="e527420d-42ef-402a-9f17-0baf57fe2eed" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-07-27T03:27:03.539749+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="X__MACHINENAME__X" fromVersion="2014.7.26.9" last_modified_tag="963c2279-7c48-43c1-b1fd-ac1e191f95af" name="Malware Database" toVersion="2014.7.27.2"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:27:05.479751+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="dbbb3f4a-055a-45bf-95fd-3e1874f82d82" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:27:05.489751+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="55dd48f3-9899-43ac-8416-e0d0bac09a5b" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:27:05.519751+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="29b29d4c-70a5-4a3c-ada0-d95b61d50ee1" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:27:09.849757+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="fdd6c927-5e5a-4de5-a7e2-788d22379dc9" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:27:09.869757+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="597051d5-a314-41b2-a5b0-efe7c1165412" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:27:10.159758+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="5139adde-c5aa-4db7-ab40-77fd589ede78" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:48:04.598700+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="0cbf5416-971b-4c0c-9b30-969aeca7221e" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:48:04.598700+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="471f5ff3-d83c-416e-b015-9d9bcb3b1a26" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:48:04.629900+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="1f74d993-7d94-4a1f-8177-6e5edca882ac" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T03:48:09.528308+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="89ecf81a-4788-4832-a081-c5303c4a34b1" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:28:32.920684+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="f7fb0ec2-555d-404a-89f3-ac417ba842a4" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:28:32.951884+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="f786f366-c0dc-420d-90eb-7851ef9a9baf" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:28:33.061085+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="242dcc91-a913-4731-a417-0ce7b94ea36b" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:28:39.332295+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="5c89782d-f995-4061-913e-3927448416c7" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:40:12.127714+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="3fdb7132-12c8-4477-b367-6d51652b4ef6" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:40:12.157714+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="72ed5a9a-9744-4959-b8de-9593a5e20f02" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:40:12.307715+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="51a4647d-7ac5-4385-a2be-aeeb78d1d7db" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-07-27T04:40:18.137723+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="X__MACHINENAME__X" last_modified_tag="886ca67a-c452-4e3a-8bc5-dea299e91999" result="Started" subtype="Malicious Website Protection"></record>
</logs>
         

Code: Alles auswählenAufklappen

ATTFilter

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/07/27 03:50:17 +0200</date>
<logfile>mbam-log-2014-07-27 (03-50-16).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.07.27.02</malware-database>
<rootkit-database>v2014.07.17.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>enabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>X__USERNAME__X</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>609263</objects>
<time>941</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>enabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
         

gmer

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-27 05:24:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5 OCZ-VERTEX3 rev.2.15 223,57GB
Running: Gmer-19357.exe; Driver: C:\Users\X__USERNAME__X\AppData\Local\Temp\ugldapog.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                 fffff960000e4000 7 bytes [00, 93, F3, FF, 01, A0, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                             fffff960000e4008 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2104] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                       0000000075398791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69              0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155             0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                                             * 2
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26                                                      000000006c3913c6 2 bytes [39, 6C]
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74                                                      000000006c3913f6 2 bytes [39, 6C]
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257                                                     000000006c3914ad 2 bytes [39, 6C]
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303                                                     000000006c3914db 2 bytes [39, 6C]
.text  ...                                                                                                                                             * 2
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79                                                      000000006c391577 2 bytes [39, 6C]
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175                                                     000000006c3915d7 2 bytes [39, 6C]
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620                                                     000000006c391794 2 bytes [39, 6C]
.text  C:\Windows\SysWOW64\vmnat.exe[2872] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921                                                     000000006c3918c1 2 bytes [39, 6C]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                                             * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                             C:\Program Files (x86)\DAEMON Tools Pro\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                             0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                             0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                          0x02 0x1E 0x20 0x9F ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                    0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                 0xCA 0xB1 0x91 0x03 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                            0x68 0x2C 0x07 0xB8 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                            
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                            
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                 C:\Program Files (x86)\DAEMON Tools Pro\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                 0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                 0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                              0x02 0x1E 0x20 0x9F ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                   
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                        0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                     0xCA 0xB1 0x91 0x03 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                              
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                0x68 0x2C 0x07 0xB8 ...
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0841649F-F048-0F28-4B2A-588419B68991}                                 
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0841649F-F048-0F28-4B2A-588419B68991}@oapfofmpmelpekfkdkhlencbigddnc  0x6A 0x61 0x66 0x6D ...

---- EOF - GMER 2.1 ----
         

defogger_disable

Code: Alles auswählenAufklappen

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 04:37 on 27/07/2014 (ROX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Pro Agent -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         

FRST

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by X__USERNAME__X (administrator) on X__MACHINENAME__X on 27-07-2014 05:30:03
Running from C:\Users\X__USERNAME__X\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\AstSrv.exe
() C:\Program Files (x86)\DTProTS\DTProTS.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
() C:\Users\X__USERNAME__X\Downloads\ontop10\OnTop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\Run: [apmwinapp] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe [66328 2012-11-19] ()
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\MountPoints2: {077c3a5f-a40b-11e1-842b-6c626deaca32} - H:\setup.exe
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\MountPoints2: {4ef31197-83e0-11e2-9926-005056c00008} - H:\setup.exe
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\MountPoints2: {a007e308-b746-11e2-88ff-005056c00008} - "K:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\MountPoints2: {a7a30362-b465-11e1-aa44-6c626deaca32} - J:\vs_ultimate.exe
HKU\S-1-5-21-3988209001-333461537-3551373981-1001\...\MountPoints2: {a7a30364-b465-11e1-aa44-6c626deaca32} - K:\vs_ultimate.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Service.lnk
ShortcutTarget: MOTU Pedal Service.lnk -> C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe ()
Startup: C:\Users\X__USERNAME__X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OnTop.exe - Verknüpfung.lnk
ShortcutTarget: OnTop.exe - Verknüpfung.lnk -> C:\Users\X__USERNAME__X\Downloads\ontop10\OnTop.exe ()
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\X__USERNAME__X\AppData\Roaming\Mozilla\Firefox\Profiles\kbx132tw.default-1402735048730
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Plugin: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\X__USERNAME__X\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\X__USERNAME__X\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\X__USERNAME__X\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\X__USERNAME__X\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afpX__USERNAME__Xy@anchorfree.com [2014-05-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-01-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-01-10]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [mail@shopping-preise.de] - C:\Users\X__USERNAME__X\AppData\Roaming\Mozilla\Firefox\Profiles\sgm9k1s4.default\extensions\mail@shopping-preise.de

Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\37.0.2062.20\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\37.0.2062.20\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\37.0.2062.20\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\X__USERNAME__X\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]
CHR Extension: (YouTube) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-21]
CHR Extension: (Google Search) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-21]
CHR Extension: (Google Wallet) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-03]
CHR Extension: (Gmail) - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-21]
CHR StartMenuInternet: Google Chrome - C:\Users\X__USERNAME__X\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Ast Service; C:\Windows\SysWOW64\\AstSrv.exe [57344 2008-01-07] (Nalpeiron Ltd.) [File not signed]
S3 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2013-02-17] (Apple Inc.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 DTProTS; C:\Program Files (x86)\DTProTS\DTProTS.exe [271360 2000-01-01] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S3 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5235712 2009-02-23] (Native Instruments GmbH) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-01-17] (Copyright 2013 SAMSUNG)
S2 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2012-03-29] (Microsoft Corporation) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] () [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50456 2012-11-19] (Paragon Software Group)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [272448 2012-11-15] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [60184 2012-11-19] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [202008 2012-11-19] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15128 2012-11-19] (Paragon Software Group)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-05-20] (Paragon Software Group)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MFWAMIDI64; C:\Windows\System32\drivers\MFWAMIDI64.sys [32368 2011-11-09] (Mark of the Unicorn)
R3 MFWAWAVE64; C:\Windows\System32\drivers\MFWAWAVE64.sys [82544 2011-11-09] (Mark of the Unicorn)
R3 motubus; C:\Windows\System32\drivers\MotuBus64.sys [29808 2011-11-09] (Mark of the Unicorn)
R3 MotuFWA64; C:\Windows\System32\drivers\Motufwa64.sys [607856 2011-11-09] (Mark of the Unicorn)
S3 motumidi64; C:\Windows\System32\drivers\motumidi64.sys [43632 2011-11-09] (MOTU)
S3 MotuUsb64; C:\Windows\System32\Drivers\MotuUsb64.sys [64624 2011-11-09] (MOTU)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [42264 2012-11-19] (Paragon Software Group)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-03-07] (Duplex Secure Ltd.)
R0 SscRdBus; C:\Windows\System32\DRIVERS\SscRdBus.sys [91944 2010-01-25] (SuperSpeed LLC)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-03-07] (Acronis)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 ugldapog; \??\C:\Users\X__USERNAME__X\AppData\Local\Temp\ugldapog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 05:24 - 2014-07-27 05:24 - 00009311 _____ () C:\Users\X__USERNAME__X\Downloads\gmer.txt
2014-07-27 04:47 - 2014-07-27 04:47 - 00380416 _____ () C:\Users\X__USERNAME__X\Downloads\Gmer-19357.exe
2014-07-27 04:37 - 2014-07-27 04:37 - 00050477 _____ () C:\Users\X__USERNAME__X\Downloads\Defogger.exe
2014-07-27 04:37 - 2014-07-27 04:37 - 00000658 _____ () C:\Users\X__USERNAME__X\Downloads\defogger_disable.log
2014-07-27 04:37 - 2014-07-27 04:37 - 00000198 _____ () C:\Users\X__USERNAME__X\defogger_reenable
2014-07-27 04:25 - 2014-07-27 04:25 - 00002084 _____ () C:\Windows\system32\.crusader
2014-07-27 04:24 - 2014-07-27 04:24 - 00071426 _____ () C:\Users\X__USERNAME__X\Desktop\HitmanPro_20140727_0424.log
2014-07-27 04:19 - 2014-07-27 04:19 - 00448512 _____ (OldTimer Tools) C:\Users\X__USERNAME__X\Downloads\TFC.exe
2014-07-27 04:17 - 2014-07-27 04:17 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-27 04:16 - 2014-07-27 04:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-27 04:16 - 2014-07-27 04:16 - 11188736 _____ (SurfRight B.V.) C:\Users\X__USERNAME__X\Downloads\HitmanPro_x64.exe
2014-07-27 04:15 - 2014-07-27 04:21 - 00000550 _____ () C:\Users\X__USERNAME__X\Downloads\SystemLook.txt
2014-07-27 04:14 - 2014-07-27 04:14 - 00165376 _____ () C:\Users\X__USERNAME__X\Downloads\SystemLook_x64.exe
2014-07-27 03:25 - 2014-07-27 03:25 - 04161313 _____ () C:\Users\X__USERNAME__X\Downloads\tdsskiller.zip
2014-07-27 03:14 - 2014-07-27 05:30 - 00028562 _____ () C:\Users\X__USERNAME__X\Downloads\FRST.txt
2014-07-27 03:14 - 2014-07-27 05:30 - 00000000 ____D () C:\FRST
2014-07-27 03:14 - 2014-07-27 03:15 - 00194978 _____ () C:\Users\X__USERNAME__X\Downloads\Additionold.txt
2014-07-27 03:14 - 2014-07-27 03:15 - 00073885 _____ () C:\Users\X__USERNAME__X\Downloads\FRSTold.txt
2014-07-27 03:13 - 2014-07-27 03:13 - 02093568 _____ (Farbar) C:\Users\X__USERNAME__X\Downloads\FRST64.exe
2014-07-27 02:59 - 2014-07-27 02:59 - 00000762 _____ () C:\Users\X__USERNAME__X\Desktop\JRT.txt
2014-07-27 02:50 - 2014-07-27 02:50 - 01016261 _____ (Thisisu) C:\Users\X__USERNAME__X\Downloads\JRT.exe
2014-07-27 02:47 - 2014-07-27 02:48 - 05172208 _____ (Aveas Limited) C:\Users\X__USERNAME__X\Downloads\Unhooker.exe
2014-07-27 02:16 - 2014-07-27 02:16 - 01354223 _____ () C:\Users\X__USERNAME__X\Downloads\adwcleaner_3.216.exe
2014-07-27 02:12 - 2014-07-27 02:12 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\X__USERNAME__X\Downloads\rkill.com
2014-07-27 02:08 - 2014-07-27 02:08 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\X__USERNAME__X\Downloads\tdsskiller.exe
2014-07-26 21:27 - 2014-07-26 21:27 - 00047681 ____N () C:\Users\X__USERNAME__X\Desktop\Keyboard Shortcuts.vssettings
2014-07-26 21:27 - 2014-07-26 21:27 - 00045463 ____N () C:\Users\X__USERNAME__X\Desktop\Accs.sln.dotsettings
2014-07-26 21:27 - 2014-07-26 21:27 - 00014719 ____N () C:\Users\X__USERNAME__X\Desktop\ResharperTypeMemberLayout.xsd
2014-07-26 21:27 - 2014-07-26 21:27 - 00004928 ____N () C:\Users\X__USERNAME__X\Desktop\WebEssentials-Settings.json
2014-07-25 00:05 - 2014-07-25 00:05 - 00001324 _____ () C:\Users\X__USERNAME__X\Desktop\toshiba.txt
2014-07-24 22:33 - 2014-07-24 22:33 - 00000464 _____ () C:\Users\X__USERNAME__X\Desktop\yp.txt
2014-07-24 22:31 - 2014-07-24 22:31 - 00000000 _____ () C:\Users\X__USERNAME__X\Downloads\search (1).crdownload
2014-07-24 22:30 - 2014-07-24 22:30 - 00000000 _____ () C:\Users\X__USERNAME__X\Downloads\search.crdownload
2014-07-24 22:29 - 2014-07-24 22:33 - 00000984 _____ () C:\Users\X__USERNAME__X\Downloads\ads
2014-07-23 22:47 - 2014-07-23 22:47 - 00296303 _____ () C:\Users\X__USERNAME__X\Desktop\powered_ui.psd
2014-07-22 23:17 - 2014-07-22 23:17 - 00509264 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\winsdk_web.exe
2014-07-22 23:05 - 2014-07-22 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains dotPeek version 1.2
2014-07-22 23:04 - 2014-07-22 23:04 - 28185600 _____ () C:\Users\X__USERNAME__X\Downloads\dotPeekSetup-1.2.1.226.msi
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\CodeSmith
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-07-21 22:15 - 2014-07-21 22:31 - 00000000 ____D () C:\Users\X__USERNAME__X\Documents\CodeSmith Generator
2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeSmith Generator 7.0
2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\Program Files (x86)\CodeSmith
2014-07-21 19:53 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-21 19:53 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-21 19:53 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-21 19:53 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-21 19:53 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-21 19:53 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-21 19:53 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-21 19:53 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-21 19:53 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-21 19:53 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-21 19:53 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-21 19:53 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-21 19:53 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-21 19:53 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-21 19:24 - 2014-07-21 19:24 - 00000121 _____ () C:\Users\X__USERNAME__X\Desktop\images.txt
2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2014-07-21 18:52 - 2014-07-21 18:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2014-07-21 18:29 - 2014-07-21 18:29 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2014-07-21 18:21 - 2014-07-21 18:21 - 00000000 ____D () C:\ProgramData\NuGet
2014-07-21 18:21 - 2014-07-21 18:21 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-07-21 17:56 - 2014-07-21 17:56 - 01805728 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\VS2013.2.exe
2014-07-21 17:55 - 2014-07-21 17:55 - 00593000 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\SSDTSetup(1).exe
2014-07-21 17:51 - 2014-07-21 17:51 - 00515668 ____N () C:\Users\X__USERNAME__X\Desktop\Imported-14-07-08-15-21-34.vssettings
2014-07-21 17:51 - 2014-07-21 17:51 - 00448070 ____N () C:\Users\X__USERNAME__X\Desktop\Exported-14-07-08-15-21-34.vssettings
2014-07-21 17:51 - 2014-07-21 17:51 - 00292095 ____N () C:\Users\X__USERNAME__X\Desktop\CurrentSettings.vssettings
2014-07-21 06:22 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-21 06:22 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-21 06:22 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-21 06:22 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-21 06:22 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-21 06:22 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-21 06:22 - 2012-06-01 07:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-07-21 06:22 - 2012-06-01 07:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-07-21 06:22 - 2012-06-01 07:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-07-21 06:22 - 2012-06-01 07:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-07-21 06:22 - 2012-06-01 07:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwpX__USERNAME__X.dll
2014-07-21 06:22 - 2012-06-01 07:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-07-21 06:22 - 2012-06-01 06:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2014-07-21 06:22 - 2012-06-01 06:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2014-07-21 06:22 - 2012-06-01 06:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2014-07-21 06:22 - 2012-06-01 06:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwpX__USERNAME__X.dll
2014-07-21 06:22 - 2012-06-01 06:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2014-07-21 06:22 - 2012-06-01 06:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2014-07-21 06:21 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-21 06:21 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-21 06:21 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-21 06:21 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-21 06:21 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-21 06:21 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-21 06:21 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-21 06:21 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-21 06:21 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-21 06:21 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwpX__USERNAME__Xystub.dll
2014-07-21 06:21 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jspX__USERNAME__Xy.dll
2014-07-21 06:21 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-21 06:21 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-21 06:21 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-21 06:21 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-21 06:21 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-21 06:21 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-21 06:21 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-21 06:21 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-21 06:21 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-21 06:21 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-21 06:21 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-21 06:21 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-21 06:21 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-21 06:21 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-21 06:21 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-21 06:21 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-21 06:21 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-21 06:21 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwpX__USERNAME__Xystub.dll
2014-07-21 06:21 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-21 06:21 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-21 06:21 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-21 06:21 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jspX__USERNAME__Xy.dll
2014-07-21 06:21 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-21 06:21 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-21 06:21 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-21 06:21 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-21 06:21 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-21 06:21 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-21 06:21 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-21 06:21 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-21 06:21 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-21 06:21 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-21 06:21 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-21 06:21 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-21 06:21 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-21 06:21 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-21 06:21 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-21 06:21 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-21 06:21 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-21 06:21 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-21 06:21 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-21 06:21 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-21 06:21 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-21 06:21 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-21 06:21 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-21 06:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-21 06:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-21 06:21 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-20 23:24 - 2014-07-20 23:24 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-07-20 21:39 - 2014-07-20 23:16 - 00002064 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-07-20 21:37 - 2014-07-20 21:37 - 00687776 _____ (iS3, Inc.) C:\Users\X__USERNAME__X\Downloads\STOPzilla_Setup.exe
2014-07-20 21:30 - 2014-07-20 21:30 - 00032654 _____ () C:\Users\X__USERNAME__X\Desktop\feedMe.xspf
2014-07-20 21:21 - 2014-07-20 21:21 - 00000000 ____D () C:\Windows\system32\log
2014-07-20 21:21 - 2014-07-16 11:39 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-20 21:19 - 2014-07-20 21:20 - 12788128 _____ (Elex do Brasil Participações Ltda) C:\Users\X__USERNAME__X\Downloads\yet_another_cleaner_sk.exe
2014-07-20 21:17 - 2014-07-20 21:18 - 29611712 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-20 21:15 - 2014-07-20 21:15 - 00000269 _____ () C:\Users\X__USERNAME__X\Desktop\fu.bat
2014-07-20 21:02 - 2014-07-20 21:02 - 00001336 _____ () C:\Users\X__USERNAME__X\Desktop\Continue Software Setup.lnk
2014-07-20 18:27 - 2014-07-20 18:31 - 00102125 _____ () C:\Users\X__USERNAME__X\Downloads\CslaExtension.vsix
2014-07-19 17:46 - 2014-07-19 17:46 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Vorlagen
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Startmenü
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Netzwerkumgebung
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Lokale Einstellungen
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Eigene Dateien
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Druckumgebung
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Musik
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Bilder
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Verlauf
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Anwendungsdaten
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-19 17:46 - 2013-01-20 10:47 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2012
2014-07-19 17:46 - 2012-04-12 03:02 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2014-07-19 17:46 - 2012-03-12 07:53 - 00000000 ____D () C:\Users\DefaultAppPool\Documents\Visual Studio 2010
2014-07-19 17:46 - 2012-03-07 11:26 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2014-07-19 17:46 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-19 17:46 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-19 15:52 - 2014-07-21 06:30 - 00045091 _____ () C:\Windows\iis7.log
2014-07-19 15:52 - 2014-07-19 15:52 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-19 15:52 - 2014-07-19 15:52 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-19 15:52 - 2014-07-19 15:52 - 00000000 ____D () C:\inetpub
2014-07-15 19:04 - 2014-07-16 06:05 - 00000000 ____D () C:\Users\X__USERNAME__X\Desktop\Anzugbilder
2014-07-13 15:12 - 2014-07-13 15:53 - 00000000 ____D () C:\Users\X__USERNAME__X\Desktop\Zerro
2014-07-13 13:40 - 2014-07-27 00:53 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\Powered
2014-07-12 08:45 - 2014-07-12 08:46 - 63205888 _____ () C:\Users\X__USERNAME__X\Downloads\ReSharperSetup.8.2.1000.4556.msi
2014-07-12 08:22 - 2014-07-21 18:48 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-07-12 08:22 - 2014-07-12 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-12 08:22 - 2014-07-12 08:22 - 00000000 ____D () C:\Program Files\Application Verifier
2014-07-12 08:22 - 2014-07-12 08:22 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-07-12 08:16 - 2014-07-21 18:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2014-07-12 08:15 - 2014-07-12 08:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2014-07-12 08:06 - 2014-07-21 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2014-07-12 08:04 - 2014-07-12 08:04 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2014-07-11 00:17 - 2014-07-12 01:32 - 00000000 ____D () C:\Users\X__USERNAME__X\Documents\New Unity Project
2014-07-11 00:17 - 2014-07-11 00:17 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Roaming\Unity
2014-07-11 00:17 - 2014-07-11 00:17 - 00000000 ____D () C:\ProgramData\Unity
2014-07-11 00:09 - 2014-07-11 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-07-11 00:09 - 2014-07-11 00:09 - 00001132 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-07-11 00:09 - 2014-07-11 00:09 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-07-11 00:04 - 2014-07-11 00:10 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-07-10 23:57 - 2014-07-10 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-10 23:57 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-10 23:57 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-10 23:55 - 2014-07-10 23:56 - 109574432 _____ (Oracle Corporation) C:\Users\X__USERNAME__X\Downloads\VirtualBox-4.3.12-93733-Win.exe
2014-07-06 20:32 - 2014-07-26 09:47 - 00000000 ____D () C:\Users\X__USERNAME__X\Desktop\Plakat
2014-07-01 19:02 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-01 19:02 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-01 19:02 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-01 19:02 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-01 19:02 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-01 19:02 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-01 19:02 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-01 19:02 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-01 19:02 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-01 19:02 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-01 19:02 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-01 19:02 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-01 19:02 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-01 19:02 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-01 18:56 - 2014-07-01 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SAMSUNG
2014-07-01 18:56 - 2014-07-01 18:56 - 00000000 ____D () C:\Users\Administrator\.swt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 05:30 - 2014-07-27 03:14 - 00028562 _____ () C:\Users\X__USERNAME__X\Downloads\FRST.txt
2014-07-27 05:30 - 2014-07-27 03:14 - 00000000 ____D () C:\FRST
2014-07-27 05:24 - 2014-07-27 05:24 - 00009311 _____ () C:\Users\X__USERNAME__X\Downloads\gmer.txt
2014-07-27 05:19 - 2012-07-01 09:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 04:47 - 2014-07-27 04:47 - 00380416 _____ () C:\Users\X__USERNAME__X\Downloads\Gmer-19357.exe
2014-07-27 04:47 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 04:47 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 04:44 - 2014-06-14 13:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 04:44 - 2011-04-12 09:43 - 00865878 _____ () C:\Windows\system32\perfh007.dat
2014-07-27 04:44 - 2011-04-12 09:43 - 00211746 _____ () C:\Windows\system32\perfc007.dat
2014-07-27 04:44 - 2009-07-14 07:13 - 02064134 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 04:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-27 04:40 - 2013-05-11 21:20 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-07-27 04:40 - 2013-01-26 11:12 - 00000000 ____D () C:\ProgramData\VMware
2014-07-27 04:39 - 2014-06-13 09:43 - 00007672 _____ () C:\Windows\setupact.log
2014-07-27 04:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 04:37 - 2014-07-27 04:37 - 00050477 _____ () C:\Users\X__USERNAME__X\Downloads\Defogger.exe
2014-07-27 04:37 - 2014-07-27 04:37 - 00000658 _____ () C:\Users\X__USERNAME__X\Downloads\defogger_disable.log
2014-07-27 04:37 - 2014-07-27 04:37 - 00000198 _____ () C:\Users\X__USERNAME__X\defogger_reenable
2014-07-27 04:37 - 2012-03-07 10:22 - 00000000 ____D () C:\Users\X__USERNAME__X
2014-07-27 04:37 - 2012-03-07 10:21 - 01234678 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 04:26 - 2014-07-27 04:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-27 04:25 - 2014-07-27 04:25 - 00002084 _____ () C:\Windows\system32\.crusader
2014-07-27 04:25 - 2012-03-07 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2014-07-27 04:25 - 2012-03-07 13:32 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Pro
2014-07-27 04:24 - 2014-07-27 04:24 - 00071426 _____ () C:\Users\X__USERNAME__X\Desktop\HitmanPro_20140727_0424.log
2014-07-27 04:21 - 2014-07-27 04:15 - 00000550 _____ () C:\Users\X__USERNAME__X\Downloads\SystemLook.txt
2014-07-27 04:19 - 2014-07-27 04:19 - 00448512 _____ (OldTimer Tools) C:\Users\X__USERNAME__X\Downloads\TFC.exe
2014-07-27 04:17 - 2014-07-27 04:17 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-27 04:16 - 2014-07-27 04:16 - 11188736 _____ (SurfRight B.V.) C:\Users\X__USERNAME__X\Downloads\HitmanPro_x64.exe
2014-07-27 04:14 - 2014-07-27 04:14 - 00165376 _____ () C:\Users\X__USERNAME__X\Downloads\SystemLook_x64.exe
2014-07-27 03:25 - 2014-07-27 03:25 - 04161313 _____ () C:\Users\X__USERNAME__X\Downloads\tdsskiller.zip
2014-07-27 03:15 - 2014-07-27 03:14 - 00194978 _____ () C:\Users\X__USERNAME__X\Downloads\Additionold.txt
2014-07-27 03:15 - 2014-07-27 03:14 - 00073885 _____ () C:\Users\X__USERNAME__X\Downloads\FRSTold.txt
2014-07-27 03:13 - 2014-07-27 03:13 - 02093568 _____ (Farbar) C:\Users\X__USERNAME__X\Downloads\FRST64.exe
2014-07-27 03:10 - 2013-11-11 15:02 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\BBA3F974-2B6A-4B1E-B45D-FE4F819EF75F.aplzod
2014-07-27 02:59 - 2014-07-27 02:59 - 00000762 _____ () C:\Users\X__USERNAME__X\Desktop\JRT.txt
2014-07-27 02:50 - 2014-07-27 02:50 - 01016261 _____ (Thisisu) C:\Users\X__USERNAME__X\Downloads\JRT.exe
2014-07-27 02:48 - 2014-07-27 02:47 - 05172208 _____ (Aveas Limited) C:\Users\X__USERNAME__X\Downloads\Unhooker.exe
2014-07-27 02:26 - 2013-11-30 20:21 - 00000000 ____D () C:\AdwCleaner
2014-07-27 02:23 - 2010-11-21 05:47 - 01014972 _____ () C:\Windows\PFRO.log
2014-07-27 02:16 - 2014-07-27 02:16 - 01354223 _____ () C:\Users\X__USERNAME__X\Downloads\adwcleaner_3.216.exe
2014-07-27 02:13 - 2013-12-01 22:29 - 00004284 _____ () C:\Users\X__USERNAME__X\Desktop\Rkill.txt
2014-07-27 02:12 - 2014-07-27 02:12 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\X__USERNAME__X\Downloads\rkill.com
2014-07-27 02:08 - 2014-07-27 02:08 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\X__USERNAME__X\Downloads\tdsskiller.exe
2014-07-27 02:01 - 2012-05-15 06:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 02:01 - 2012-05-15 06:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 02:00 - 2012-12-04 07:36 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\Adobe
2014-07-27 01:59 - 2013-04-08 01:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 00:59 - 2013-04-13 14:54 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Roaming\Snoop
2014-07-27 00:53 - 2014-07-13 13:40 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\Powered
2014-07-26 21:27 - 2014-07-26 21:27 - 00047681 ____N () C:\Users\X__USERNAME__X\Desktop\Keyboard Shortcuts.vssettings
2014-07-26 21:27 - 2014-07-26 21:27 - 00045463 ____N () C:\Users\X__USERNAME__X\Desktop\Accs.sln.dotsettings
2014-07-26 21:27 - 2014-07-26 21:27 - 00014719 ____N () C:\Users\X__USERNAME__X\Desktop\ResharperTypeMemberLayout.xsd
2014-07-26 21:27 - 2014-07-26 21:27 - 00004928 ____N () C:\Users\X__USERNAME__X\Desktop\WebEssentials-Settings.json
2014-07-26 15:36 - 2013-12-11 22:46 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\Battle.net
2014-07-26 14:58 - 2014-04-18 14:07 - 00207949 _____ () C:\Users\X__USERNAME__X\Downloads\Kopie von Booster-Vorlage_b.xlsx
2014-07-26 10:57 - 2013-12-11 22:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-26 10:27 - 2012-05-28 18:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-07-26 09:47 - 2014-07-06 20:32 - 00000000 ____D () C:\Users\X__USERNAME__X\Desktop\Plakat
2014-07-25 22:16 - 2013-10-27 19:44 - 00000000 ____D () C:\Program Files\Nightly
2014-07-25 06:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-25 00:05 - 2014-07-25 00:05 - 00001324 _____ () C:\Users\X__USERNAME__X\Desktop\toshiba.txt
2014-07-24 22:34 - 2011-04-12 09:54 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-24 22:33 - 2014-07-24 22:33 - 00000464 _____ () C:\Users\X__USERNAME__X\Desktop\yp.txt
2014-07-24 22:33 - 2014-07-24 22:29 - 00000984 _____ () C:\Users\X__USERNAME__X\Downloads\ads
2014-07-24 22:33 - 2012-08-19 11:59 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\PMB Files
2014-07-24 22:31 - 2014-07-24 22:31 - 00000000 _____ () C:\Users\X__USERNAME__X\Downloads\search (1).crdownload
2014-07-24 22:30 - 2014-07-24 22:30 - 00000000 _____ () C:\Users\X__USERNAME__X\Downloads\search.crdownload
2014-07-24 21:45 - 2012-08-19 11:59 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-24 21:02 - 2014-05-03 21:05 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\Bitwig Studio
2014-07-24 19:06 - 2013-08-08 21:11 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-23 22:47 - 2014-07-23 22:47 - 00296303 _____ () C:\Users\X__USERNAME__X\Desktop\powered_ui.psd
2014-07-23 18:16 - 2012-03-11 19:56 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Roaming\vlc
2014-07-22 23:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-22 23:17 - 2014-07-22 23:17 - 00509264 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\winsdk_web.exe
2014-07-22 23:08 - 2012-09-04 19:43 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Roaming\JetBrains
2014-07-22 23:08 - 2012-09-04 19:43 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\JetBrains
2014-07-22 23:05 - 2014-07-22 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains dotPeek version 1.2
2014-07-22 23:04 - 2014-07-22 23:04 - 28185600 _____ () C:\Users\X__USERNAME__X\Downloads\dotPeekSetup-1.2.1.226.msi
2014-07-22 23:04 - 2012-09-04 19:39 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2014-07-21 22:31 - 2014-07-21 22:15 - 00000000 ____D () C:\Users\X__USERNAME__X\Documents\CodeSmith Generator
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\CodeSmith
2014-07-21 22:25 - 2014-07-21 22:25 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeSmith Generator 7.0
2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\Program Files (x86)\CodeSmith
2014-07-21 19:27 - 2009-07-14 06:45 - 12211344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 19:24 - 2014-07-21 19:24 - 00000121 _____ () C:\Users\X__USERNAME__X\Desktop\images.txt
2014-07-21 19:13 - 2013-10-27 15:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2014-07-21 19:12 - 2012-03-07 10:40 - 00131936 _____ () C:\Users\X__USERNAME__X\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-21 19:05 - 2012-03-11 19:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-21 19:04 - 2013-09-21 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2014-07-21 18:57 - 2014-07-21 18:57 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2014-07-21 18:52 - 2014-07-21 18:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2014-07-21 18:48 - 2014-07-12 08:22 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-07-21 18:44 - 2014-07-12 08:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2014-07-21 18:35 - 2012-07-01 09:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-21 18:34 - 2014-07-12 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2014-07-21 18:33 - 2012-03-11 19:31 - 00000000 ____D () C:\Windows\SysWOW64\1031
2014-07-21 18:29 - 2014-07-21 18:29 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2014-07-21 18:21 - 2014-07-21 18:21 - 00000000 ____D () C:\ProgramData\NuGet
2014-07-21 18:21 - 2014-07-21 18:21 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-07-21 18:20 - 2012-03-11 19:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-07-21 17:56 - 2014-07-21 17:56 - 01805728 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\VS2013.2.exe
2014-07-21 17:55 - 2014-07-21 17:55 - 00593000 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\SSDTSetup(1).exe
2014-07-21 17:51 - 2014-07-21 17:51 - 00515668 ____N () C:\Users\X__USERNAME__X\Desktop\Imported-14-07-08-15-21-34.vssettings
2014-07-21 17:51 - 2014-07-21 17:51 - 00448070 ____N () C:\Users\X__USERNAME__X\Desktop\Exported-14-07-08-15-21-34.vssettings
2014-07-21 17:51 - 2014-07-21 17:51 - 00292095 ____N () C:\Users\X__USERNAME__X\Desktop\CurrentSettings.vssettings
2014-07-21 06:40 - 2012-03-07 14:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-21 06:30 - 2014-07-19 15:52 - 00045091 _____ () C:\Windows\iis7.log
2014-07-21 06:29 - 2014-06-19 05:32 - 00004094 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001UA1cf8b6fb2ac3ac
2014-07-21 06:29 - 2014-06-19 05:32 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001UA1cf8b6fb2ac3ac.job
2014-07-21 06:29 - 2014-05-08 21:26 - 00003698 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001Core1cf6af37ab8a662
2014-07-21 06:29 - 2014-05-08 21:26 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001Core1cf6af37ab8a662.job
2014-07-21 06:29 - 2013-07-27 09:32 - 00003904 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001UA
2014-07-21 06:29 - 2013-07-27 09:32 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001UA.job
2014-07-21 06:29 - 2013-07-27 09:32 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001Core.job
2014-07-21 06:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-07-21 06:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-21 06:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-21 06:17 - 2013-07-27 09:32 - 00003536 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3988209001-333461537-3551373981-1001Core
2014-07-21 06:16 - 2012-07-01 09:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-21 06:14 - 2014-04-22 21:33 - 00000000 ____D () C:\ProgramData\UMS
2014-07-21 06:14 - 2012-08-15 21:05 - 00000500 __RSH () C:\Users\X__USERNAME__X\ntuser.pol
2014-07-21 06:13 - 2012-05-12 10:58 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\Unity
2014-07-20 23:24 - 2014-07-20 23:24 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-07-20 23:16 - 2014-07-20 21:39 - 00002064 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-07-20 22:43 - 2013-01-19 13:39 - 00000000 ____D () C:\Users\X__USERNAME__X\.VirtualBox
2014-07-20 21:45 - 2012-01-10 01:06 - 00000000 ____D () C:\Windows\Minidump
2014-07-20 21:37 - 2014-07-20 21:37 - 00687776 _____ (iS3, Inc.) C:\Users\X__USERNAME__X\Downloads\STOPzilla_Setup.exe
2014-07-20 21:30 - 2014-07-20 21:30 - 00032654 _____ () C:\Users\X__USERNAME__X\Desktop\feedMe.xspf
2014-07-20 21:21 - 2014-07-20 21:21 - 00000000 ____D () C:\Windows\system32\log
2014-07-20 21:20 - 2014-07-20 21:19 - 12788128 _____ (Elex do Brasil Participações Ltda) C:\Users\X__USERNAME__X\Downloads\yet_another_cleaner_sk.exe
2014-07-20 21:18 - 2014-07-20 21:17 - 29611712 _____ (Microsoft Corporation) C:\Users\X__USERNAME__X\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-20 21:15 - 2014-07-20 21:15 - 00000269 _____ () C:\Users\X__USERNAME__X\Desktop\fu.bat
2014-07-20 21:02 - 2014-07-20 21:02 - 00001336 _____ () C:\Users\X__USERNAME__X\Desktop\Continue Software Setup.lnk
2014-07-20 18:31 - 2014-07-20 18:27 - 00102125 _____ () C:\Users\X__USERNAME__X\Downloads\CslaExtension.vsix
2014-07-20 17:45 - 2013-10-27 16:23 - 00000000 ____D () C:\Users\X__USERNAME__X\Documents\Visual Studio 2013
2014-07-20 15:34 - 2012-03-11 18:58 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Roaming\IrfanView
2014-07-19 17:46 - 2014-07-19 17:46 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Vorlagen
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Startmenü
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Netzwerkumgebung
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Lokale Einstellungen
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Eigene Dateien
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Druckumgebung
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Musik
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Bilder
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Verlauf
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 _SHDL () C:\Users\DefaultAppPool\Anwendungsdaten
2014-07-19 17:46 - 2014-07-19 17:46 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-19 15:52 - 2014-07-19 15:52 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-07-19 15:52 - 2014-07-19 15:52 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-07-19 15:52 - 2014-07-19 15:52 - 00000000 ____D () C:\inetpub
2014-07-19 15:52 - 2012-03-07 14:29 - 00000000 ____D () C:\Windows\system32\0409
2014-07-19 15:52 - 2012-02-14 19:39 - 01948790 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-19 15:52 - 2011-04-12 09:43 - 00000000 ____D () C:\Windows\system32\0407
2014-07-16 11:39 - 2014-07-20 21:21 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-16 06:05 - 2014-07-15 19:04 - 00000000 ____D () C:\Users\X__USERNAME__X\Desktop\Anzugbilder
2014-07-15 20:38 - 2012-05-19 13:51 - 00001456 _____ () C:\Users\X__USERNAME__X\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-07-13 15:53 - 2014-07-13 15:12 - 00000000 ____D () C:\Users\X__USERNAME__X\Desktop\Zerro
2014-07-13 15:13 - 2012-04-05 21:27 - 00014848 _____ () C:\Users\X__USERNAME__X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-12 08:46 - 2014-07-12 08:45 - 63205888 _____ () C:\Users\X__USERNAME__X\Downloads\ReSharperSetup.8.2.1000.4556.msi
2014-07-12 08:22 - 2014-07-12 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-12 08:22 - 2014-07-12 08:22 - 00000000 ____D () C:\Program Files\Application Verifier
2014-07-12 08:22 - 2014-07-12 08:22 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-07-12 08:15 - 2014-07-12 08:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2014-07-12 08:15 - 2013-03-17 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-07-12 08:07 - 2012-03-11 19:38 - 00000000 ____D () C:\Windows\system32\1033
2014-07-12 08:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-12 08:04 - 2014-07-12 08:04 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2014-07-12 01:53 - 2012-07-01 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-07-12 01:32 - 2014-07-11 00:17 - 00000000 ____D () C:\Users\X__USERNAME__X\Documents\New Unity Project
2014-07-11 00:17 - 2014-07-11 00:17 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Roaming\Unity
2014-07-11 00:17 - 2014-07-11 00:17 - 00000000 ____D () C:\ProgramData\Unity
2014-07-11 00:17 - 2012-04-05 16:37 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Local\Apple Computer
2014-07-11 00:17 - 2012-03-25 15:30 - 00000000 ____D () C:\Users\X__USERNAME__X\AppData\Roaming\Apple Computer
2014-07-11 00:10 - 2014-07-11 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-07-11 00:10 - 2014-07-11 00:04 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-07-11 00:09 - 2014-07-11 00:09 - 00001132 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-07-11 00:09 - 2014-07-11 00:09 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-07-10 23:57 - 2014-07-10 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-10 23:57 - 2012-03-19 20:31 - 00000000 ____D () C:\Program Files\Oracle
2014-07-10 23:56 - 2014-07-10 23:55 - 109574432 _____ (Oracle Corporation) C:\Users\X__USERNAME__X\Downloads\VirtualBox-4.3.12-93733-Win.exe
2014-07-08 20:19 - 2012-03-29 19:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:19 - 2012-03-07 11:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-04 05:22 - 2014-04-21 18:40 - 00000000 ____D () C:\Users\DEVX__USERNAME__X
2014-07-04 05:22 - 2014-02-01 11:12 - 00001114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-01 19:25 - 2013-09-08 11:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-01 19:19 - 2013-04-02 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-01 18:57 - 2013-01-22 19:45 - 00131936 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 18:56 - 2014-07-01 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SAMSUNG
2014-07-01 18:56 - 2014-07-01 18:56 - 00000000 ____D () C:\Users\Administrator\.swt
2014-07-01 18:56 - 2013-01-22 19:45 - 00000500 __RSH () C:\Users\Administrator\ntuser.pol
2014-07-01 18:56 - 2013-01-22 19:45 - 00000000 ____D () C:\Users\Administrator

Files to move or delete:
====================
C:\Users\DEVX__USERNAME__X\JsDocComments.js
C:\Users\DEVX__USERNAME__X\Modern.Intellisense.js


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\DEVX__USERNAME__X\AppData\Local\Temp\avgnt.exe
C:\Users\X__USERNAME__X\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe
[2012-04-04 14:54] - [2009-12-25 19:59] - 2613248 ____A (Microsoft Corporation) 2510990F80626592DFC36058D80E7F79

C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 07:07

==================== End Of Log ============================
         

--- --- ---



Addition folgt.

Addition im Anhang, war leider zu groß

Habe etwas weiter recherchiert und auch wenn mir der Fehler nach wie vor nicht ganz geheuer ist scheint es sich nicht um einen Befall zu handeln. Ein Zurücksetzen des Browsers hat alles behoben und nur wenn man wie ein Bekloppter Suchanfragen rausschickt taucht er wieder auf (zuvor aber wirklich bereits nach wenigen Suchanfragen, die bereits im Rahmen einer normalen Recherche entstehen).

Also bitte keine Zeit auf die Analyse verwenden und das Thema löschen. Ich beobachte das weiter und melde mich erneut wenn etwas verdächtiges auftritt. Sorry, falls ich jemandem Arbeit gemacht habe!

Hallo,

leider wurde Dein Thema aus (technischen Gründen) übersehen. Da mehrere Antworten in Deinem Thema vorhanden waren, wurde es versehentlich als 'bereits in Arbeit' eingestuft.

Dies bitten wir zu entschuldigen.

Wir versuchen jedem Hilfesuchenden binnen kurzer Zeit zu antworten und Lösungen für das Problem anzubieten.

Bitte erstelle ggf. ein neues Thema, damit sich ein Teammitglied deinem Problem annehmen kann.

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Vielen Dank für Dein Verständnis.