
Log analysis and evaluation: Win7: clicked a DOS attachment in the zip of a lawyer's e-mail

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.11.2014, 07:13   #1
danigg
 



Good day

I hastily opened a zip e-mail attachment in which I was addressed by my full name, and too quickly started a DOS application inside it. Not much happened, only afterwards messages appeared regarding my drives, asking me to insert a disk.
The e-mail had this text:
Dear customer (my full first and last name),

Your bank has had the direct debit reversed. You have an unpaid invoice with our client Mail & Media GmbH. On behalf of our client, we request that you settle the outstanding total amount without delay.

Due to the existing payment arrears, you are additionally obliged to bear the fees of 49.45 euros incurred by our engagement. We expect full payment by 20.11.2014 at the latest. For questions or complaints, we expect you to contact us within the same period.

There will be no further reminder. After the set deadline has expired, the file will be handed over to the public prosecutor and Schufa. The complete statement of costs, from which you can see all bookings, is attached.

Kind regards

Deputy attorney von Bora Aaron


I'm not sure now what I have triggered with this. After creating all the log files I ran a longer full scan with Antivir, which reported one detection. It is also in the attachment.

Many thanks for the help

19.11.2014, 07:30   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click on the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click on Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

19.11.2014, 15:09   #3
danigg
 



Okay, it was just too large; I didn't think of multiple posts. Thanks for the reply.

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:44 on 17/11/2014 (Daniel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
frst:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Daniel (administrator) on ESSPRESSO on 17-11-2014 22:45:46
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & UpdatusUser (Available profiles: Daniel & Test nachname & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IBM) C:\Program Files (x86)\IBM\Notes\nsd.exe
() C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\SUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Notes\ntmulti.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LG Electronics) C:\Users\Daniel\Bluebirds\BlueBirds.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
() C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dyn, Inc.) C:\Program Files (x86)\DynDNS Updater\DynTray.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(LaCie) C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Wuala Dokan\mounter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LaCie Desktop Manager Launcher] => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-01-17] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-26] (Bitleader)
HKLM-x32\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2008-08-08] (Corel, Inc.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-08] ()
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2010-07-20] (Analog Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] => C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2010-10-15] (ABBYY.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-09] (APN)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [bluebirds] => C:\Users\Daniel\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [LaCie Desktop Manager Startup] => C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [3441664 2012-04-05] ()
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [Data Replicator 3] => "C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe" /MIN
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [script] => C:\Users\Daniel\AppData\Roaming\Script\script.exe [148480 2014-11-17] ()
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\MountPoints2: K - K:\autorun\REPOWER.exe PUREPOWERgraubuenden.html
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\MountPoints2: {197bf242-7360-11df-87cf-0023546fd856} - G:\AUTORUN.EXE
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\MountPoints2: {4b7e6ff3-7792-11df-aebd-0023546fd856} - L:\autorun\REPOWER.exe PUREPOWERgraubuenden.html
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\MountPoints2: {bc02f379-df4a-11df-bc76-0023546fd856} - K:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
ShortcutTarget: Dyn Updater Tray Icon.lnk -> C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dyn, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {1F7935EF-4F47-43CF-8582-44EFFC86721E} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {1F7935EF-4F47-43CF-8582-44EFFC86721E} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
SearchScopes: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001 -> DefaultScope {D09ECB80-1010-4E22-8D47-1C4A10DBB733} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001 -> {D09ECB80-1010-4E22-8D47-1C4A10DBB733} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{21B4DB2A-C7B2-4BAE-9A5F-AD9B407E1B15}: [NameServer] 8.8.8.8,8.8.4.4,195.186.1.162,195.86.4.162

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3622117705-1755725411-2992989562-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3622117705-1755725411-2992989562-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\t9b3uhph.Dani\searchplugins\google-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\google-schweiz---aus-der-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\google-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\wikipedia-deutsch.xml
FF Extension: Firebug - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\Extensions\firebug@software.joehewitt.com.xpi [2014-07-18]
FF Extension: Menu Editor - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2014-07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-06]

Chrome: 
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2014-01-19]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-11-03]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-11-03]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Daniel\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2010-07-22] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2010-07-20] (Andrea Electronics Corporation)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 Dyn Updater; C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-10-25] (Macrovision Europe Ltd.) [File not signed]
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Notes\nsd.exe [5164136 2013-10-15] (IBM)
R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-04-05] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 LNSUSvc; C:\Program Files (x86)\IBM\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 Multi-user Cleanup Service; C:\Program Files (x86)\IBM\Notes\ntmulti.exe [38504 2013-10-15] (IBM Corp)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-02-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-01-17] (Copyright 2013 SAMSUNG)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [93848 2009-07-21] (SiSoftware) [File not signed]
R2 wDokanMounter; C:\Program Files (x86)\Wuala Dokan\mounter.exe [11776 2010-08-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2010-06-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 LVcKap64; C:\Windows\System32\DRIVERS\LVcKap64.sys [1013024 2007-02-06] (Logitech Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [68064 2010-07-27] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2010-06-28] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWOW64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-16] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-16] (Acronis International GmbH)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-06-09] (TrueCrypt Foundation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-16] (Acronis International GmbH)
S3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20024 2011-01-20] (Iomega Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R2 wDokan; C:\Windows\system32\drivers\wdokan.sys [86392 2010-08-11] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 22:45 - 2014-11-17 22:46 - 00039029 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-11-17 22:45 - 2014-11-17 22:45 - 00000000 ____D () C:\FRST
2014-11-17 22:44 - 2014-11-17 22:44 - 00000474 _____ () C:\Users\Daniel\Desktop\defogger_disable.log
2014-11-17 22:44 - 2014-11-17 22:44 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-11-17 22:43 - 2014-11-17 22:39 - 02117120 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-11-17 22:43 - 2014-11-17 22:39 - 00380416 _____ () C:\Users\Daniel\Desktop\Gmer-19357.exe
2014-11-17 22:43 - 2014-11-17 22:38 - 00050477 _____ () C:\Users\Daniel\Desktop\Defogger.exe
2014-11-17 22:09 - 2014-11-17 22:09 - 00000000 ___HD () C:\Users\Daniel\AppData\Roaming\Script
2014-11-12 23:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 23:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 23:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 23:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 23:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 23:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 23:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 23:52 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 23:52 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 23:52 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 23:52 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 23:52 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 23:52 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 23:52 - 2014-10-26 00:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-12 23:52 - 2014-10-26 00:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 23:52 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 23:52 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 23:52 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 23:52 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 23:52 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 23:52 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 23:52 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 23:52 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 23:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 23:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 23:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 23:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 23:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 23:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-01 13:29 - 2014-11-01 13:29 - 00001029 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Macroplant
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-10-25 14:38 - 2014-10-25 14:38 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-25 14:26 - 2008-04-07 04:38 - 00024416 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2014-10-25 14:25 - 2014-10-25 14:25 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2014-10-25 14:25 - 2014-10-25 14:25 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2014-10-25 14:25 - 2014-10-25 14:25 - 00002045 _____ () C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
2014-10-18 00:06 - 2014-10-18 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 22:44 - 2010-06-08 22:27 - 00000000 ____D () C:\Users\Daniel
2014-11-17 22:32 - 2012-04-13 05:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 22:29 - 2010-11-18 18:21 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-11-17 22:28 - 2010-06-09 13:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 22:25 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 22:25 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 22:23 - 2010-06-08 21:57 - 01942733 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 22:22 - 2009-07-14 18:58 - 00714040 _____ () C:\Windows\system32\perfh007.dat
2014-11-17 22:22 - 2009-07-14 18:58 - 00155888 _____ () C:\Windows\system32\perfc007.dat
2014-11-17 22:22 - 2009-07-14 06:13 - 01660572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 22:17 - 2014-07-23 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-17 22:17 - 2012-04-25 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-17 22:16 - 2010-06-09 00:55 - 00000397 _____ () C:\Windows\lgfwup.ini
2014-11-17 22:16 - 2010-06-09 00:55 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-11-17 22:15 - 2014-01-19 23:00 - 00030816 _____ () C:\SUService.log
2014-11-17 22:15 - 2013-04-15 02:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-17 22:15 - 2012-04-23 21:51 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt
2014-11-17 22:15 - 2010-06-22 11:17 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-11-17 22:15 - 2010-06-09 13:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 22:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 22:15 - 2009-07-14 05:51 - 00105026 _____ () C:\Windows\setupact.log
2014-11-17 22:14 - 2010-06-12 22:06 - 00907950 _____ () C:\Windows\PFRO.log
2014-11-16 21:20 - 2014-02-09 21:17 - 00000300 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Esspresso-Daniel.job
2014-11-16 20:00 - 2014-02-09 22:06 - 00000978 _____ () C:\Windows\Tasks\Paragon Archive name arc_090214210431833.job
2014-11-15 17:33 - 2010-06-09 00:58 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Adobe
2014-11-15 16:56 - 2010-11-18 18:22 - 00001029 _____ () C:\Users\Daniel\Desktop\Dropbox.lnk
2014-11-15 16:56 - 2010-11-18 18:21 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 19:23 - 2010-06-09 13:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 19:23 - 2010-06-09 13:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 06:53 - 2010-10-25 09:35 - 00325480 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 06:53 - 2010-06-09 13:15 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Corel
2014-11-13 04:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:36 - 2009-07-14 05:45 - 01156136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 03:16 - 2011-01-04 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 03:12 - 2013-08-15 00:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:04 - 2010-06-09 01:50 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 18:32 - 2012-04-13 05:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:32 - 2012-04-13 05:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 18:32 - 2011-06-02 07:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 21:31 - 2010-06-12 11:45 - 00000000 ____D () C:\Program Files (x86)\LehrerOffice
2014-10-27 16:11 - 2010-06-09 13:14 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-10-26 13:50 - 2012-10-11 14:54 - 00000944 _____ () C:\Users\Daniel\AppData\Roaming\__AvidCloudManager.log
2014-10-26 13:38 - 2012-10-11 14:54 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Avid
2014-10-26 13:19 - 2012-10-11 14:54 - 00000944 _____ () C:\Users\Daniel\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-10-26 12:34 - 2012-08-06 17:37 - 00000000 ____D () C:\Users\Daniel\temp
2014-10-26 11:57 - 2012-10-11 14:54 - 00003682 _____ () C:\Users\Daniel\AppData\Roaming\ESSPRESSO.MTBF.txt
2014-10-26 11:16 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-25 15:15 - 2014-08-17 18:50 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-10-25 14:26 - 2010-06-09 01:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-25 14:24 - 2010-06-09 01:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-20 14:54 - 2010-07-06 01:50 - 00452344 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-10-20 13:48 - 2011-02-06 18:50 - 00000000 ____D () C:\Backup itunes
2014-10-18 19:37 - 2010-06-09 02:16 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Apple Computer
2014-10-18 00:06 - 2010-06-09 02:15 - 00000000 ____D () C:\Program Files\Common Files\Apple

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\7z920.exe
C:\Users\Daniel\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Daniel\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Daniel\AppData\Local\Temp\amazonicon_v6.exe
C:\Users\Daniel\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Daniel\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\BabylonTB.exe
C:\Users\Daniel\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Daniel\AppData\Local\Temp\detectionui_r.exe
C:\Users\Daniel\AppData\Local\Temp\DE_de_Avery_AW40.exe
C:\Users\Daniel\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Daniel\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Daniel\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjblg_s.dll
C:\Users\Daniel\AppData\Local\Temp\foxy_security.exe
C:\Users\Daniel\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Daniel\AppData\Local\Temp\ident.dll
C:\Users\Daniel\AppData\Local\Temp\ifolor-Designer-Uninstall.exe
C:\Users\Daniel\AppData\Local\Temp\iphonebackupextractor-latest.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\kernelnsftopst.exe
C:\Users\Daniel\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Daniel\AppData\Local\Temp\local.dll
C:\Users\Daniel\AppData\Local\Temp\mpegc.dll
C:\Users\Daniel\AppData\Local\Temp\namebench.exe
C:\Users\Daniel\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Daniel\AppData\Local\Temp\nvStInst.exe
C:\Users\Daniel\AppData\Local\Temp\online.exe
C:\Users\Daniel\AppData\Local\Temp\ose00000.exe
C:\Users\Daniel\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Daniel\AppData\Local\Temp\proxy_util_w32.dll
C:\Users\Daniel\AppData\Local\Temp\python27.dll
C:\Users\Daniel\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Daniel\AppData\Local\Temp\sdapskill.exe
C:\Users\Daniel\AppData\Local\Temp\sdaspwn.exe
C:\Users\Daniel\AppData\Local\Temp\tcl85.dll
C:\Users\Daniel\AppData\Local\Temp\tk85.dll
C:\Users\Daniel\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Daniel\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Daniel\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Daniel\AppData\Local\Temp\wajam_download.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 14:03

==================== End Of Log ============================
         

Alt 19.11.2014, 15:10   #4
danigg
 
addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Daniel at 2014-11-17 22:46:46
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Grundrissplaner CAD (HKLM-x32\...\AS-0000000709052007C8E4FAAD) (Version:  - ASCON Software)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.324.70022 - ABBYY)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
ActiveState ActivePython 2.7.2.5 (32-bit) (HKLM-x32\...\{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}) (Version: 2.7.5 - ActiveState Software Inc.)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Ahnenblatt 2.62 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.62.0.0 - Dirk Boettcher)
ALFONS Lernwelt Schullizenz Deutsch 4. Klasse (HKLM-x32\...\ALFONS Lernwelt Schullizenz Deutsch 4. Klasse 1.5.3) (Version: 1.5.3 - Schroedel Verlag GmbH)
ALFONS Lernwelt Schullizenz Deutsch 5. Klasse (HKLM-x32\...\ALFONS Lernwelt Schullizenz Deutsch 5. Klasse 1.5.3) (Version: 1.5.3 - Schroedel Verlag GmbH)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.0 - Sereby Corporation)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
Amici 1 (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\667afd484de7f475) (Version: 1.0.0.0 - Peter Heinrich)
Amici 2 (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\b7902d28cfff848e) (Version: 1.0.0.0 - Peter Heinrich)
Amici 3 (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\08a55d09521714a7) (Version: 1.0.0.0 - Peter Heinrich)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1300}) (Version: 12.19.0.3554 - APN, LLC)
Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version:  - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version:  - )
Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
calibre (HKLM-x32\...\{A032ADDA-5DE8-44DF-A5D8-0B610EE14EDD}) (Version: 1.35.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
C-CHANNEL OnlineUpdate (HKLM-x32\...\{408FA92C-0766-48A1-8055-D6DFD27B7C2B}) (Version:  - )
CDex extraction audio (HKLM-x32\...\CDex) (Version:  - )
CityDesk (HKLM-x32\...\CityDesk_is1) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Crawler 3D Aquarium Screensaver (HKLM-x32\...\{CDAFD956-97BE-443D-8EF7-F4F094EB5766}_is1) (Version: 4.2.5.45 - Crawler, LLC)
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.0 - Avid Technology, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3102 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3224 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3507.52 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228f - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.)
DesertCombat  0.7 (HKLM-x32\...\DesertCombat) (Version:  - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
DiRT2 (x32 Version: 1.0.0002.133 - Codemasters) Hidden
Dropbox (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Dyn Updater (HKLM-x32\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
EclipsePalette (HKLM-x32\...\{889047C6-F781-46AF-8183-04C661155710}) (Version: 2.0.20 - Green Eclipse)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FileSeek 2.1.2 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 2.1.2.0 - Binary Fortress Software)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Flickr.Net Screensaver 4 (HKLM-x32\...\Flickr.Net Screensaver_is1) (Version: 4.2 - Wackylabs)
Free Color Splash Maker (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\3429165407.www.viscomsoftonline.com) (Version:  - www.viscomsoftonline.com)
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Game Alarm (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\gamealarm-DEFAULT) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{4422D20B-F530-4E65-8504-31396C9BC066}) (Version: 3.0.3196 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
GrandiAmici1 (HKLM-x32\...\ST6UNST #1) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hi-Def Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1729 - CyberLink Corporation)
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.0 - Avid Technology, Inc.)
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
IBM Notes 9.0.1 Social Edition de (HKLM-x32\...\{69661EB4-5FBE-4EB3-995E-CBACA6C2C3ED}) (Version: 9.01.13337 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IETester v0.4.8 (remove only) (HKLM-x32\...\IETester) (Version: 0.4.8 - Core Services)
iExplorer 2.2.1.3 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant, LLC)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
ImageSkill Background Remover 3 (HKLM-x32\...\ImageSkill Background Remover 3) (Version: 3.0 - ImageSkill)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Iomega Product Registration (HKLM-x32\...\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}) (Version: 7.24.0000 - Iomega Corporation)
iPhone Backup Extractor (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\iPhone Backup Extractor) (Version: 4.9.30.0 - Reincubate Ltd)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
iTwin 3.3 Final (HKLM-x32\...\iTwin_is1) (Version: 3.3 Final - Stefan Moka)
IZArc 4.1 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1 - Ivan Zahariev)
Jalbum (HKLM-x32\...\{9B2C20F2-C408-4DAA-897A-814A7C75BCE0}) (Version: 8.9.2 - Jalbum AB)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Kernel for Lotus Notes to Outlook - Evaluation Version 13.04.01 (HKLM-x32\...\Kernel for Lotus Notes to Outlook - Evaluation Version_is1) (Version:  - Lepide Software Pvt.Ltd.)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.1920a - CyberLink Corporation)
LaCie Desktop Manager 1.4.4 (HKLM\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 1.4.4 - LaCie)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LehrerOffice Desktop (HKLM-x32\...\LehrerOffice Desktop_is1) (Version: 2009 - Roth Soft)
LehrerOffice Desktop (HKLM-x32\...\LehrerOffice Easy_is1) (Version:  - Roth Soft)
LehrerOffice Win (HKLM-x32\...\LehrerOffice Win_is1) (Version: 2009 - Roth Soft)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Licensing Service Install (HKLM-x32\...\{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}) (Version: 2.0.1.181 - Protexis Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{43523FEF-9D8E-4572-BB11-0E914D366E0A}) (Version: 1.18.15.1 - LightScribe)
LiveEditor 2.0.4 (HKLM-x32\...\LiveEditor_is1) (Version:  - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech® Camera-Treiber (HKLM-x32\...\QcDrv) (Version:  - )
LoThoSoft Lernbasis (HKLM-x32\...\Lernbasis) (Version:  - )
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MapCreator 2 (HKLM-x32\...\MapCreator 2) (Version: 2.0 - primap software)
MergeModule_x64 (Version: 9.0.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook-Minianwendungen für Windows SideShow (HKLM-x32\...\{3DCF21FE-A8CB-41DE-AEA3-D5FBEF108CD5}) (Version: 1.0.7252.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 1.2 (HKLM-x32\...\{EE96B6C8-3660-3B5E-AC95-843CDF03D613}) (Version: 9.0.30729 - Microsoft)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{9A5B876D-A900-4AAB-B557-DE827BE46E6C}) (Version: 8.3.500 - Nero AG)
Nichtrauchertimer 2.0.0 (HKLM-x32\...\Nichtrauchertimer 2.0.0) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.1 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PayPen (HKLM-x32\...\{FF03F4E5-3269-459B-A5F3-DC0D7B2561FB}) (Version:  - )
PayPen (x32 Version: 1.5.0.0 - C Technologies, Anoto AB) Hidden
PDF Blender (HKLM-x32\...\PDF Blender) (Version:  - )
Pelikan Schulschriften (HKLM-x32\...\Vereinfachte Ausgangsschrift VA_is1) (Version:  - Will Software)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
PhotoSync (HKLM\...\{7D15C32D-8ECA-4804-A4DE-89FEE7C4710E}) (Version: 1.6.4 - touchbyte GmbH)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.6.0.118 - Pinnacle Systems)
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.0.75 - Avid Technology, Inc.)
Pinnacle Studio 16 - Standard Content Pack (HKLM-x32\...\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}) (Version: 16.0.0 - Avid Technology, Inc.)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
plist Editor for Windows 1.0.2 (HKLM-x32\...\plist Editor for Windows) (Version: 1.0.2 - VOWSoft,Ltd.)
PMB_ModeEditor (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.5.5 - Vaclav Slavik)
PowerDVD (x32 Version: 10.0.3507.52 - CyberLink Corp.) Hidden
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.0 - Avid Technology, Inc.)
proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version:  - )
Progetto Italiano 2 (HKLM-x32\...\{77FBBDA9-B9A7-4BF7-A861-6B1FCEC3FDC1}) (Version: 1.00.0000 - Edilingua)
PunkBuster für Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
REFLEX Modellflugsimulator (HKLM-x32\...\{1CE25480-9ADD-4AA7-840F-314A257DEA15}) (Version: 5.03.1 - Dipl.-Ing. Stefan Kunde)
RemoteComms driver (HKLM-x32\...\{43BEEE26-01A8-4EEE-8632-2353261E3B55}) (Version: 1.25.0000 - Oxford Semiconductor)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Link 1.8.0.1401171024 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1401171024 - Copyright 2013 SAMSUNG)
Schiff-Simulator 2008 (HKLM-x32\...\Shipsim2008) (Version:  - )
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.0 - Avid Technology, Inc.)
SequoiaView (HKLM-x32\...\SequoiaView) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden
Shutter (HKLM-x32\...\Shutter_is1) (Version: 2.90 - [den4b] Denis Kozlov)
Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft)
simfy (HKLM-x32\...\Simfy) (Version: 1.7.0 - simfy AG)
simfy (x32 Version: 1.7.0 - simfy AG) Hidden
Simple CSS 2.1 (HKLM-x32\...\{0379CF3E-BED6-474C-AE96-D07E8D7763AC}_is1) (Version:  - HostM.com Web Hosting)
Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com)
SiSoftware Sandra Lite 2011.SP4a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.72.2011.8 - SiSoftware)
Ski Challenge 13 (CH) (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\sc13-CH_MAIN) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Color Splash Windows Version v1.0.0 (HKLM-x32\...\Smart Color Splash) (Version: Windows Version v1.0.0 - HengTu, Inc.)
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
SofTax GR 2009 NP (HKLM-x32\...\SofTax GR 2009 NP) (Version: 1.2.4.1392 - Abraxas Informatik AG)
SofTax GR 2010 NP (HKLM-x32\...\SofTax GR 2010 NP) (Version: 1.0.4.2044 - Abraxas Informatik AG)
SofTax GR 2011 NP (HKLM-x32\...\SofTax GR 2011 NP) (Version: 1.0.5.2812 - Abraxas Informatik AG)
SofTax GR 2012 NP (HKLM-x32\...\SofTax GR 2012 NP) (Version: 1.0.4.3564 - Abraxas Informatik AG)
SofTax GR 2013 NP (HKLM-x32\...\{2F79A660-BD79-4C88-8C9A-DFECD41F58E1}) (Version: 2.0.2 - Abraxas Informatik AG)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Spb Pocket Plus (HKLM-x32\...\Spb Pocket Plus) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Studio 10 Bonus DVD (HKLM-x32\...\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}) (Version: 10.0.000 - )
SuperMailer 5.71 (HKLM-x32\...\SuperMailer_is1) (Version: 5.71 - Mirko Boeer Softwareentwicklungen)
SureThing Express Labeler (HKLM-x32\...\stax-Pinnacle_is1) (Version:  - MicroVision Development, Inc.)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version:  - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
synedra View Personal 3.4.0.2 (HKLM-x32\...\synedraViewPersonal) (Version: 3.4.0.2 - synedra it GmbH)
Synology Assistant (HKLM-x32\...\{C59ADB1C-0403-4A11-8930-9F81ABC71908}) (Version: 1.0.0.0 - Synology Inc.)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24482 - TeamViewer)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.0 - Avid Technology, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 6.3a - TrueCrypt Foundation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Viscomsoft Free Color Splash Effect Maker (HKLM-x32\...\Viscomsoft Free Color Splash Effect Maker for Window_is1) (Version:  - ViscomsoftOnline.com)
VisionGS BE (HKLM-x32\...\VisionGS BE_is1) (Version:  - bluepath GmbH)
Visual C++ 2008 x64 Runtime - v9.0.30729.5026 (HKLM-x32\...\{0FB0306C-11D8-35F2-9AC9-121FA753F9AD}.vc_x64runtime_30729_5026) (Version: 9.0.30729.5026 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.5026 (HKLM-x32\...\{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026) (Version: 9.0.30729.5026 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
Windows-Treiberpaket - Anoto AB (PayPen) Input Pen  (09/28/2007 2.0.0.0) (HKLM\...\B0FFC364CE14DAFAFC484A60C2BB7758BC842A8F) (Version: 09/28/2007 2.0.0.0 - Anoto AB)
WinHTTrack Website Copier 3.44-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.44.1 - HTTrack)
Winmx Community 1 (HKLM-x32\...\Winmx Community 1) (Version:  - )
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wizbee Version 1.5 (RC2) (HKLM-x32\...\{EE3C7E56-8974-47F9-AECE-A7D50F102E50}_is1) (Version: 1.5 (RC2) - Wizzy Education Technologies SA)
Wuala (HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Wuala) (Version:  - Wuala)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala Dokan (HKLM-x32\...\Wuala Dokan) (Version: 1.0.8837.8 - Wuala)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
XitNotes (HKLM-x32\...\{4120315D-0E5D-4963-B2AC-A0AC9945C078}) (Version: 2.3 - Kim Beros Consulting Pty Ltd)
XMedia Recode 3.0.8.0 (HKLM-x32\...\XMedia Recode) (Version: 3.0.8.0 - Sebastian Dörfler)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{7BCD76A2-E9A0-4332-BE18-9D7D40288621}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-08-2014 01:00:34 Windows Update
05-09-2014 16:16:30 Geplanter Prüfpunkt
07-09-2014 01:36:33 Installed ActiveState ActivePython 2.7.8.10 (32-bit)
12-09-2014 01:00:40 Windows Update
19-09-2014 17:28:50 Geplanter Prüfpunkt
21-09-2014 11:18:47 Installed LibreOffice 4.2.6.3
21-09-2014 15:35:47 DirectX wurde installiert
24-09-2014 01:00:35 Windows Update
27-09-2014 08:43:33 DirectX wurde installiert
02-10-2014 01:01:04 Windows Update
13-10-2014 00:38:56 DirectX wurde installiert
16-10-2014 01:01:10 Windows Update
17-10-2014 16:45:19 Windows Update
17-10-2014 19:05:02 Removed iTunes
17-10-2014 19:09:05 Removed Bonjour
17-10-2014 19:10:27 Installed iTunes
17-10-2014 19:42:31 Installed iTunes
17-10-2014 23:05:27 Installed iCloud
25-10-2014 10:28:44 Geplanter Prüfpunkt
25-10-2014 13:23:18 Installed Adobe Acrobat  9 Standard - English, Français, Deutsch.
02-11-2014 11:51:44 Geplanter Prüfpunkt
09-11-2014 23:00:03 Geplanter Prüfpunkt
13-11-2014 02:01:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EE246CA-C952-46E5-8E8B-319C2DD444E2} - System32\Tasks\{6FAB5766-6D47-4478-A1F4-FCA0C30918F2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {22F4CC54-4047-4D87-8E3D-8B0D2456DC84} - System32\Tasks\Secunia PSI Logon Task => C:\Program Files (x86)\Secunia\PSI\psi.exe
Task: {2C1662D8-FA89-487E-95CC-4B16E86ACAB9} - System32\Tasks\{828CB621-0868-463C-A637-E70455475AAF} => C:\EA GAMES\Battlefield 1942\eReg\Battlefield 1942_Code.exe [2002-07-17] ()
Task: {3165F25C-56F5-4725-8F99-3D6FED602B48} - System32\Tasks\{9200DFF0-44BC-4BFB-88CD-7F96979E399F} => D:\Download\Games\battlefield_2_demo\Battlefield_2_Demo.exe [2011-04-23] (Macrovision Corporation)
Task: {332A57C1-D57E-499F-A45F-C60317402495} - System32\Tasks\Paragon Archive name arc_090214210431833 => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
Task: {4CDE268C-28D2-4543-A37B-7FC27B63DC6E} - System32\Tasks\{EA5ECCA6-7C90-4765-B2DF-856636801E13} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
Task: {534C4807-7E70-4DCD-ACF7-4AE17C17700C} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {5D2A256E-4AC9-43B2-AB87-03BDF6B4B696} - System32\Tasks\{C8ACF038-5232-4F49-8DA2-95D5C6C9CAE9} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
Task: {5DEB2F64-42C1-41B1-9E3F-0C41C64631DD} - System32\Tasks\{E358ABAE-7A09-4CCE-BEB1-CCB4925749C3} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
Task: {66A42651-341F-46F3-9DBB-F712872A1CD6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {66C65BCA-9325-43BA-B364-B6283567CB30} - System32\Tasks\{79F25F34-E833-4C03-BDE9-9D2428BA340C} => D:\Download\Windows 7\dotnetfx35.exe [2011-02-08] (Microsoft Corporation)
Task: {7A7F012C-44D6-4760-942B-CDEA8CBC4CF9} - System32\Tasks\{74C00CCF-7FB2-4130-BC70-5D317D17C9CB} => E:\AUTOPLAY.EXE
Task: {8EDF0E66-3DEE-4C6C-BCD2-D7AD2F4AABC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {95218FF1-135E-456D-9E0A-D45A127F8BDF} - System32\Tasks\{5745B0BD-024A-4B9A-85FE-EDC864222079} => E:\SETUP.EXE
Task: {9ABCDEA4-25E3-4A93-A5CF-D3E040BDF189} - System32\Tasks\{3A7A3E3E-7093-4E50-AF02-57E03DFE6D29} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {9D8D6B09-AD9F-4329-A93D-A8FB5917464A} - System32\Tasks\Synology Data Replicator 3-Esspresso-Daniel => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe
Task: {C2957D1D-32A6-4612-8A8C-8CA09455BC81} - System32\Tasks\{3211B718-920E-4BF8-B3BA-7E7351FC493B} => F:\setup.exe
Task: {C7D86EB8-0484-4E93-A84F-31C3B7926E73} - System32\Tasks\{CDFF6654-72E5-453B-AE70-FCFDE382F0F3} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
Task: {D13A1FDA-F3BF-41FA-A1AE-55288F0A1825} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E72960F7-3752-47BD-93DA-EDBFB7129993} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {F029BDAB-084A-4539-BA28-90A4092BBCB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_090214210431833.job => C:\Program Files (x86)\Paragon Software\Backup and Recovery 2013 Free\program\scripts.exe
Task: C:\Windows\Tasks\Synology Data Replicator 3-Esspresso-Daniel.job => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe

==================== Loaded Modules (whitelisted) =============

2010-08-11 15:57 - 2010-08-11 15:57 - 00013312 _____ () C:\Windows\System32\wdokannp.dll
2013-04-15 02:03 - 2013-09-12 08:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-06-09 11:05 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-04-23 21:51 - 2012-04-05 14:57 - 01227776 _____ () C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
2013-08-05 23:32 - 2013-07-27 09:48 - 00267040 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libzmq.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-11-25 00:36 - 2009-11-25 00:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2010-06-14 12:53 - 2009-04-24 13:50 - 00210944 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2014-08-15 17:35 - 2014-01-17 10:24 - 00013824 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-08-15 17:35 - 2014-01-17 10:24 - 00048640 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2013-12-21 10:25 - 2013-12-21 10:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 10:26 - 2013-12-21 10:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2012-04-23 21:51 - 2012-04-05 14:55 - 03441664 _____ () C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
2008-08-08 16:30 - 2008-08-08 16:30 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2010-06-15 11:54 - 2011-02-16 00:20 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-06-22 11:17 - 2009-07-02 15:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2014-08-15 17:36 - 2014-08-15 17:36 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2014-08-15 17:35 - 2014-01-17 10:24 - 01394176 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-08-15 17:35 - 2014-01-17 10:24 - 01435648 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2010-08-11 15:57 - 2010-08-11 15:57 - 00011776 _____ () C:\Program Files (x86)\Wuala Dokan\mounter.exe
2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-11-17 22:17 - 2014-11-17 22:17 - 00043008 _____ () c:\users\daniel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjblg_s.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll
2009-06-03 19:59 - 2009-06-03 19:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 19:59 - 2009-06-03 19:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-11-13 06:54 - 2014-11-13 06:54 - 00165376 _____ () C:\Users\Daniel\AppData\Local\Wuala\Program0\lib.465\orangevolt-4n-1.1.2.dll
2014-11-13 06:54 - 2014-11-13 06:54 - 00370688 _____ () C:\Users\Daniel\AppData\Local\Wuala\Program0\lib.465\jcbfs3.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 12:02 - 2013-10-10 12:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2014-06-12 21:52 - 2014-06-12 21:52 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-12 21:52 - 2014-06-12 21:52 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 21:52 - 2014-06-12 21:52 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-07-23 15:31 - 2014-11-17 22:17 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-06 17:44 - 2014-09-06 17:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-12 18:32 - 2014-11-12 18:32 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3622117705-1755725411-2992989562-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3622117705-1755725411-2992989562-1008 - Limited - Enabled)
Daniel (S-1-5-21-3622117705-1755725411-2992989562-1001 - Administrator - Enabled) => C:\Users\Daniel
Gast (S-1-5-21-3622117705-1755725411-2992989562-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3622117705-1755725411-2992989562-1012 - Limited - Enabled)
Test nachname (S-1-5-21-3622117705-1755725411-2992989562-1009 - Limited - Enabled) => C:\Users\Test nachname
UpdatusUser (S-1-5-21-3622117705-1755725411-2992989562-1010 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: RAID-Controller
Description: RAID-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 10:16:01 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (11/17/2014 10:15:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (11/17/2014 02:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11997

Error: (11/17/2014 02:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11997

Error: (11/17/2014 02:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 02:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998

Error: (11/17/2014 02:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10998

Error: (11/17/2014 02:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 02:48:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (11/17/2014 02:48:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000


System errors:
=============
Error: (11/17/2014 10:17:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (11/13/2014 03:38:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (11/13/2014 03:00:22 AM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Error: (11/12/2014 01:59:43 PM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Error: (11/12/2014 07:09:10 AM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Error: (11/11/2014 11:04:54 PM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Error: (11/11/2014 04:04:29 PM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Error: (11/10/2014 04:20:13 PM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Error: (11/10/2014 06:55:37 AM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Error: (11/09/2014 06:39:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/17/2014 10:16:01 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (11/17/2014 10:15:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (11/17/2014 02:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11997

Error: (11/17/2014 02:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11997

Error: (11/17/2014 02:48:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 02:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998

Error: (11/17/2014 02:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10998

Error: (11/17/2014 02:48:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2014 02:48:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (11/17/2014 02:48:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000


CodeIntegrity Errors:
===================================
  Date: 2013-07-27 20:14:25.698
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Daniel\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-27 20:14:25.648
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Daniel\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-27 20:14:25.528
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-27 20:14:25.478
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 53%
Total physical RAM: 6135.11 MB
Available physical RAM: 2873.48 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 8357.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:698.63 GB) (Free:306.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:698.63 GB) (Free:198.36 GB) NTFS
Drive s: () (Network) (Total:2746.22 GB) (Free:1496.11 GB) 
Drive w: (Wuala) (Network) (Total:5 GB) (Free:3.29 GB) FAT32
Drive z: () (Network) (Total:2746.22 GB) (Free:1496.11 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A39AB515)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: CEB3BE2C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

19.11.2014, 15:12   #5
danigg
 

gmer:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-17 23:09:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.1AA0 698.64GB
Running: Gmer-19357.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kxldqpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                          fffff80003604000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582                                                                                                                                                                          fffff80003604036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                    0000000075971401 2 bytes JMP 7694b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                      0000000075971419 2 bytes JMP 7694b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                    0000000075971431 2 bytes JMP 769c8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                    000000007597144a 2 bytes CALL 769248ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                                                         * 9
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                       00000000759714dd 2 bytes JMP 769c87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                   00000000759715cd 2 bytes JMP 7694b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                               00000000759716b2 2 bytes JMP 769c8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                               00000000759716bd 2 bytes JMP 769c85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                       0000000075971401 2 bytes JMP 7694b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                         0000000075971419 2 bytes JMP 7694b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                       0000000075971431 2 bytes JMP 769c8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                       000000007597144a 2 bytes CALL 769248ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                                                         * 9
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                          00000000759714dd 2 bytes JMP 769c87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                   00000000759714f5 2 bytes JMP 769c8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                          000000007597150d 2 bytes JMP 769c8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                   0000000075971525 2 bytes JMP 769c8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                         000000007597153d 2 bytes JMP 7693fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                              0000000075971555 2 bytes JMP 769468ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                       000000007597156d 2 bytes JMP 769c8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                         0000000075971585 2 bytes JMP 769c8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                            000000007597159d 2 bytes JMP 769c865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                         00000000759715b5 2 bytes JMP 7693fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                       00000000759715cd 2 bytes JMP 7694b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                   00000000759716b2 2 bytes JMP 769c8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                   00000000759716bd 2 bytes JMP 769c85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                               0000000075971401 2 bytes JMP 7694b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                 0000000075971419 2 bytes JMP 7694b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                               0000000075971431 2 bytes JMP 769c8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                               000000007597144a 2 bytes CALL 769248ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                                                         * 9
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                  00000000759714dd 2 bytes JMP 769c87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                           00000000759714f5 2 bytes JMP 769c8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                  000000007597150d 2 bytes JMP 769c8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                           0000000075971525 2 bytes JMP 769c8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                 000000007597153d 2 bytes JMP 7693fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                      0000000075971555 2 bytes JMP 769468ef C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                               000000007597156d 2 bytes JMP 769c8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                 0000000075971585 2 bytes JMP 769c8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                    000000007597159d 2 bytes JMP 769c865c C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                 00000000759715b5 2 bytes JMP 7693fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                               00000000759715cd 2 bytes JMP 7694b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                           00000000759716b2 2 bytes JMP 769c8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\svchost.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                           00000000759716bd 2 bytes JMP 769c85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                      0000000075971401 2 bytes JMP 7694b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                        0000000075971419 2 bytes JMP 7694b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                      0000000075971431 2 bytes JMP 769c8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                      000000007597144a 2 bytes CALL 769248ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                                                         * 9
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                         00000000759714dd 2 bytes JMP 769c87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                  00000000759714f5 2 bytes JMP 769c8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                         000000007597150d 2 bytes JMP 769c8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                  0000000075971525 2 bytes JMP 769c8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                        000000007597153d 2 bytes JMP 7693fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                             0000000075971555 2 bytes JMP 769468ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                      000000007597156d 2 bytes JMP 769c8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                        0000000075971585 2 bytes JMP 769c8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                           000000007597159d 2 bytes JMP 769c865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                        00000000759715b5 2 bytes JMP 7693fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                      00000000759715cd 2 bytes JMP 7694b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                  00000000759716b2 2 bytes JMP 769c8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                  00000000759716bd 2 bytes JMP 769c85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[5032] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                                                                            0000000071c117fa 2 bytes CALL 769211a9 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[5032] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                                                                        0000000071c11860 2 bytes CALL 769211a9 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[5032] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                                                                      0000000071c11942 2 bytes JMP 76f57089 C:\Windows\syswow64\WS2_32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[5032] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                                                                     0000000071c1194d 2 bytes JMP 76f5cba6 C:\Windows\syswow64\WS2_32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                     0000000075971401 2 bytes JMP 7694b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                       0000000075971419 2 bytes JMP 7694b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                     0000000075971431 2 bytes JMP 769c8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                     000000007597144a 2 bytes CALL 769248ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                                                         * 9
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                        00000000759714dd 2 bytes JMP 769c87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                 00000000759714f5 2 bytes JMP 769c8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                        000000007597150d 2 bytes JMP 769c8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                 0000000075971525 2 bytes JMP 769c8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                       000000007597153d 2 bytes JMP 7693fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                            0000000075971555 2 bytes JMP 769468ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                     000000007597156d 2 bytes JMP 769c8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                       0000000075971585 2 bytes JMP 769c8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                          000000007597159d 2 bytes JMP 769c865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                       00000000759715b5 2 bytes JMP 7693fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                     00000000759715cd 2 bytes JMP 7694b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                 00000000759716b2 2 bytes JMP 769c8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[6008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                 00000000759716bd 2 bytes JMP 769c85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                              0000000075971401 2 bytes JMP 7694b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                0000000075971419 2 bytes JMP 7694b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                              0000000075971431 2 bytes JMP 769c8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                              000000007597144a 2 bytes CALL 769248ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                                                         * 9
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                 00000000759714dd 2 bytes JMP 769c87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                          00000000759714f5 2 bytes JMP 769c8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                 000000007597150d 2 bytes JMP 769c8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                          0000000075971525 2 bytes JMP 769c8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                000000007597153d 2 bytes JMP 7693fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                     0000000075971555 2 bytes JMP 769468ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                              000000007597156d 2 bytes JMP 769c8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                0000000075971585 2 bytes JMP 769c8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                   000000007597159d 2 bytes JMP 769c865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                00000000759715b5 2 bytes JMP 7693fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                              00000000759715cd 2 bytes JMP 7694b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                          00000000759716b2 2 bytes JMP 769c8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[8572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                          00000000759716bd 2 bytes JMP 769c85f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [2400:2404]                                                                                                                                                                                                   0000000000fdc18f
Thread    C:\Windows\SysWOW64\svchost.exe [4376:4616]                                                                                                                                                                                                 000000007ef90000
Thread    C:\Windows\SysWOW64\svchost.exe [4376:4652]                                                                                                                                                                                                 000000007efa35f2
Thread    C:\Windows\SysWOW64\svchost.exe [4376:4684]                                                                                                                                                                                                 000000007efa89be
Thread    C:\Windows\SysWOW64\svchost.exe [4376:8392]                                                                                                                                                                                                 000000007efacef3
Thread    C:\Windows\SysWOW64\svchost.exe [4376:10896]                                                                                                                                                                                                000000007efa6f66
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [8836:9276]                                                                                                                                                                              000007fefb6a2bf8
---- Processes - GMER 2.1 ----

Library   C:\Users\Daniel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\QuadCoreUsage17.gadget\SharedMemoryReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [3512] (SharedMemoryReader/Orbmu2k)(2010-06-08 22:13:15)  0000000063260000
Library   C:\Users\Daniel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [3748](2014-11-13 06:49:58)                                                                     0000000004090000
Library   c:\users\daniel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjblg_s.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [3748](2014-11-17 21:17:20)                       0000000003320000
Library   C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [3748](2013-08-23 19:01:44)                                                                           000000005e540000
Library   C:\Users\Daniel\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [3748] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                                             000000005cdf0000
Library   C:\Users\Daniel\AppData\Local\Wuala\Program0\lib.465\jnidispatch.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe [3120] (JNA native library/Java(TM) Native Access (JNA))(2014-11-13 05:54:52)                   0000000010000000
Library   C:\Users\Daniel\AppData\Local\Wuala\Program0\lib.465\swt-win32-4332.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe [3120] (SWT for Windows native library/Eclipse Foundation)(2014-11-13 05:54:53)              0000000005cd0000
Library   C:\Users\Daniel\AppData\Local\Wuala\Program0\lib.465\orangevolt-4n-1.1.2.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe [3120](2014-11-13 05:54:53)                                                             0000000057e70000
Library   C:\Users\Daniel\AppData\Local\Wuala\Program0\lib.465\jcbfs3.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe [3120](2014-11-13 05:54:53)                                                                          0000000057a50000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd10193b                                                                                                                                                                 
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd10193b@04180f186823                                                                                                                                                    0xD1 0xC4 0x49 0x47 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd10193b (not active ControlSet)                                                                                                                                             
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd10193b@04180f186823                                                                                                                                                        0xD1 0xC4 0x49 0x47 ...
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Daniel\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe                                             1

---- EOF - GMER 2.1 ----
         
Antivir detection afterwards.

Code:
ATTFilter
Antivirus Pro
Erstellungsdatum der Reportdatei: Dienstag, 18. November 2014  18:25


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.


Plattform      : Windows 7 Ultimate
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Daniel
Computername   : ESSPRESSO

Versionsinformationen:
BUILD.DAT      : 14.0.7.306     94325 Bytes  26.09.2014 10:03:00
AVSCAN.EXE     : 14.0.7.266   1014576 Bytes  07.10.2014 09:31:49
AVSCANRC.DLL   : 14.0.7.220     65272 Bytes  07.10.2014 09:31:49
LUKE.DLL       : 14.0.7.220     59696 Bytes  07.10.2014 09:31:52
AVSCPLR.DLL    : 14.0.7.266     94512 Bytes  07.10.2014 09:31:49
REPAIR.DLL     : 14.0.7.266    366328 Bytes  07.10.2014 09:31:49
REPAIR.RDF     : 1.0.2.30      596694 Bytes  25.10.2014 09:12:06
AVREG.DLL      : 14.0.7.220    264952 Bytes  07.10.2014 09:31:49
AVLODE.DLL     : 14.0.7.266    563448 Bytes  07.10.2014 09:31:48
AVLODE.RDF     : 14.0.4.50      76508 Bytes  11.11.2014 15:04:32
XBV00012.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00013.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00014.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00015.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00016.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00017.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00018.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00019.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00020.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00021.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:26:49
XBV00093.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00094.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00095.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00096.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00097.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00098.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00099.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00100.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00101.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00102.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00103.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00104.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00105.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00106.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00107.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00108.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00109.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00110.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00111.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00112.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00113.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00114.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00115.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00116.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00117.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00118.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00119.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00120.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00121.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00122.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00123.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00124.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00125.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00126.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00127.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00128.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:33
XBV00129.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00130.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00131.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00132.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00133.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00134.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00135.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00136.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00137.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00138.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00139.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00140.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00141.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00142.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00143.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00144.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00145.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00146.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00147.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00148.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00149.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00150.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00151.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00152.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00153.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00154.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00155.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00156.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00157.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00158.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00159.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00160.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00161.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00162.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00163.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00164.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00165.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00166.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00167.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00168.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00169.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00170.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00171.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00172.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00173.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00174.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00175.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00176.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00177.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00178.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00179.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00180.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00181.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00182.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00183.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00184.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00185.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00186.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00187.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00188.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00189.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00190.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00191.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00192.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00193.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00194.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00195.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00196.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00197.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00198.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00199.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00200.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:34
XBV00201.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00202.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00203.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00204.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00205.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00206.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00207.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00208.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00209.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00210.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00211.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00212.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00213.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00214.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00215.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00216.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00217.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00218.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00219.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00220.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00221.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00222.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00223.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00224.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00225.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00226.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00227.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00228.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00229.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00230.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00231.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00232.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00233.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00234.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00235.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00236.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00237.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00238.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00239.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00240.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00241.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00242.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00243.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00244.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00245.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00246.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00247.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00248.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00249.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00250.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00251.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00252.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00253.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00254.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00255.VDF   : 8.11.184.50     2048 Bytes  11.11.2014 15:04:35
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 10:37:22
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 10:37:22
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 10:37:22
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 10:37:22
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 10:37:22
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 10:37:22
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 14:03:23
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 14:39:49
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 13:26:49
XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 11:09:45
XBV00010.VDF   : 8.11.178.32  1581056 Bytes  14.10.2014 07:50:47
XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11.11.2014 15:04:32
XBV00042.VDF   : 8.11.184.74     2048 Bytes  11.11.2014 15:04:32
XBV00043.VDF   : 8.11.184.98    37376 Bytes  11.11.2014 15:04:32
XBV00044.VDF   : 8.11.184.124    20992 Bytes  11.11.2014 22:04:45
XBV00045.VDF   : 8.11.184.126     2048 Bytes  11.11.2014 22:04:45
XBV00046.VDF   : 8.11.184.152    17920 Bytes  11.11.2014 22:04:45
XBV00047.VDF   : 8.11.184.154    12288 Bytes  11.11.2014 06:09:21
XBV00048.VDF   : 8.11.184.156     5632 Bytes  12.11.2014 06:09:21
XBV00049.VDF   : 8.11.184.160     6656 Bytes  12.11.2014 06:09:21
XBV00050.VDF   : 8.11.184.182     8704 Bytes  12.11.2014 12:59:34
XBV00051.VDF   : 8.11.184.202     6144 Bytes  12.11.2014 12:59:34
XBV00052.VDF   : 8.11.184.204    10752 Bytes  12.11.2014 12:59:34
XBV00053.VDF   : 8.11.184.224    28160 Bytes  12.11.2014 14:59:33
XBV00054.VDF   : 8.11.184.246    34304 Bytes  12.11.2014 20:59:34
XBV00055.VDF   : 8.11.184.250    15360 Bytes  12.11.2014 22:59:34
XBV00056.VDF   : 8.11.184.252    11776 Bytes  12.11.2014 02:00:34
XBV00057.VDF   : 8.11.185.18    35840 Bytes  13.11.2014 18:22:34
XBV00058.VDF   : 8.11.185.38    35840 Bytes  13.11.2014 18:22:34
XBV00059.VDF   : 8.11.185.58    10240 Bytes  13.11.2014 18:22:34
XBV00060.VDF   : 8.11.185.60     2048 Bytes  13.11.2014 18:22:34
XBV00061.VDF   : 8.11.185.62     7168 Bytes  13.11.2014 18:22:34
XBV00062.VDF   : 8.11.185.82     9216 Bytes  13.11.2014 18:22:34
XBV00063.VDF   : 8.11.185.102    29696 Bytes  13.11.2014 20:22:33
XBV00064.VDF   : 8.11.185.104     2048 Bytes  13.11.2014 20:22:33
XBV00065.VDF   : 8.11.185.108    20480 Bytes  13.11.2014 17:41:06
XBV00066.VDF   : 8.11.185.110     4608 Bytes  13.11.2014 17:41:06
XBV00067.VDF   : 8.11.185.112    26112 Bytes  14.11.2014 17:41:06
XBV00068.VDF   : 8.11.185.132     9216 Bytes  14.11.2014 17:41:06
XBV00069.VDF   : 8.11.185.150     4608 Bytes  14.11.2014 17:41:06
XBV00070.VDF   : 8.11.185.168    15360 Bytes  14.11.2014 17:41:06
XBV00071.VDF   : 8.11.185.186    17920 Bytes  14.11.2014 17:41:06
XBV00072.VDF   : 8.11.185.204     8192 Bytes  14.11.2014 17:41:06
XBV00073.VDF   : 8.11.185.224   203264 Bytes  14.11.2014 00:32:22
XBV00074.VDF   : 8.11.185.226     5120 Bytes  14.11.2014 00:32:22
XBV00075.VDF   : 8.11.185.228     2048 Bytes  14.11.2014 00:32:22
XBV00076.VDF   : 8.11.186.8     34304 Bytes  14.11.2014 12:32:46
XBV00077.VDF   : 8.11.186.26    41472 Bytes  15.11.2014 12:32:46
XBV00078.VDF   : 8.11.186.44     2048 Bytes  15.11.2014 12:32:46
XBV00079.VDF   : 8.11.186.62    18432 Bytes  15.11.2014 14:32:43
XBV00080.VDF   : 8.11.186.88    20480 Bytes  15.11.2014 16:32:43
XBV00081.VDF   : 8.11.186.106     2048 Bytes  15.11.2014 13:02:43
XBV00082.VDF   : 8.11.186.108    69632 Bytes  16.11.2014 13:02:43
XBV00083.VDF   : 8.11.186.110     2048 Bytes  16.11.2014 13:02:44
XBV00084.VDF   : 8.11.186.112     2048 Bytes  16.11.2014 13:02:44
XBV00085.VDF   : 8.11.186.128     5120 Bytes  16.11.2014 19:02:44
XBV00086.VDF   : 8.11.186.130    56320 Bytes  16.11.2014 19:02:44
XBV00087.VDF   : 8.11.186.146    67584 Bytes  17.11.2014 12:43:25
XBV00088.VDF   : 8.11.186.162   108032 Bytes  17.11.2014 12:43:25
XBV00089.VDF   : 8.11.186.164     2048 Bytes  17.11.2014 12:43:25
XBV00090.VDF   : 8.11.186.180     8704 Bytes  17.11.2014 18:25:26
XBV00091.VDF   : 8.11.186.196    16896 Bytes  17.11.2014 18:25:26
XBV00092.VDF   : 8.11.186.214    19968 Bytes  17.11.2014 22:25:34
LOCAL001.VDF   : 8.11.186.214 114803200 Bytes  17.11.2014 22:25:47
Engineversion  : 8.3.26.16 
AEVDF.DLL      : 8.3.1.6       133992 Bytes  20.08.2014 16:36:32
AESCRIPT.DLL   : 8.2.2.22      526248 Bytes  17.11.2014 12:43:24
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 11:19:31
AESBX.DLL      : 8.2.20.24    1409224 Bytes  08.05.2014 16:31:01
AERDL.DLL      : 8.2.1.16      743328 Bytes  29.10.2014 12:34:47
AEPACK.DLL     : 8.4.0.54      788392 Bytes  24.09.2014 15:28:37
AEOFFICE.DLL   : 8.3.1.6       350120 Bytes  17.11.2014 12:43:24
AEHEUR.DLL     : 8.1.4.1396   7772072 Bytes  17.11.2014 12:43:24
AEHELP.DLL     : 8.3.1.0       278728 Bytes  29.05.2014 06:47:01
AEGEN.DLL      : 8.1.7.34      453480 Bytes  06.11.2014 23:21:44
AEEXP.DLL      : 8.4.2.44      251808 Bytes  17.11.2014 12:43:25
AEEMU.DLL      : 8.1.3.4       399264 Bytes  07.08.2014 15:26:25
AEDROID.DLL    : 8.4.2.248     812968 Bytes  17.11.2014 12:43:25
AECORE.DLL     : 8.3.2.6       243712 Bytes  07.08.2014 15:26:25
AEBB.DLL       : 8.1.2.0        60448 Bytes  07.08.2014 15:26:25
AVWINLL.DLL    : 14.0.7.220     25904 Bytes  07.10.2014 09:31:47
AVPREF.DLL     : 14.0.7.220     52016 Bytes  07.10.2014 09:31:49
AVREP.DLL      : 14.0.7.220    220976 Bytes  07.10.2014 09:31:49
AVARKT.DLL     : 14.0.7.220    227632 Bytes  07.10.2014 09:31:48
AVEVTLOG.DLL   : 14.0.7.220    185080 Bytes  07.10.2014 09:31:48
SQLITE3.DLL    : 14.0.7.220    453936 Bytes  07.10.2014 09:31:52
AVSMTP.DLL     : 14.0.7.220     79096 Bytes  07.10.2014 09:31:49
NETNT.DLL      : 14.0.7.220     15152 Bytes  07.10.2014 09:31:52
RCIMAGE.DLL    : 14.0.7.220   4887856 Bytes  07.10.2014 09:31:47
RCTEXT.DLL     : 14.0.7.240     77048 Bytes  07.10.2014 09:31:47

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Windows Systemverzeichnis
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysdir.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 18. November 2014  18:25

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'NetworkLicenseServer.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEADISRV.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'afcdpsrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareFrameworkManagerDMS.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareFrameworkDMS.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '189' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'nsd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lacie_dm_service.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ntmulti.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Samsung Link.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'Samsung Link.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SoundMAX.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvTmru.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Samsung Link Tray Agent.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'BlueBirds.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'StikyNot.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'LaCieDesktopManagerStatusItem.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'DynTray.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'Wuala.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'CorelIOMonitor.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'fwupdate.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBNotifier.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'TibMounterMonitor.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'mounter.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBVolumeWatcher.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'DynUpSvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc7.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebg7.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'UI0Detect.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOHDms.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpfService64.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'syncagentsrv.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiApSrv.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\Name\AppData\Roaming\Script\script.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.Xpack.102863

Die Registry wurde durchsucht ( '83474' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\system32'

Beginne mit der Desinfektion:
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\script> konnte nicht entfernt werden.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3622117705-1755725411-2992989562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\script> wurde erfolgreich entfernt.
C:\Users\Name\AppData\Roaming\Script\script.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.Xpack.102863
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '526535a8.qua' verschoben!
  [WARNUNG]   Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\script> konnte nicht repariert werden.
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3622117705-1755725411-2992989562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\script> wurde erfolgreich repariert.


Ende des Suchlaufs: Dienstag, 18. November 2014  19:52
Benötigte Zeit: 08:44 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

   1382 Verzeichnisse wurden überprüft
 244303 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 244302 Dateien ohne Befall
   1307 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise

Die Reparaturanweisungen wurden in die Datei 'C:\avrescue\rescue.avp' geschrieben.
         


Alt 20.11.2014, 05:52   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Revo Uninstaller from here: Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • Search the uninstaller field for the programs:

    Bundled software uninstaller


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on  then on  and then on .

 





Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 20.11.2014, 07:56   #7
danigg
 



Thanks, I could not find bundled software uninstaller in Revo.

Code:
ComboFix 14-11-18.01 - Daniel 20.11.2014   7:41.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.41.1031.18.6135.3237 [GMT 1:00]
ausgeführt von:: d:\download\trojanerboard\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\hb_5DC1.tmp
C:\install.exe
c:\programdata\xml6548.tmp
c:\programdata\xml6826.tmp
c:\programdata\xml68E2.tmp
c:\programdata\xmlBBD1.tmp
c:\programdata\xmlBDC5.tmp
c:\programdata\xmlBE34.tmp
c:\users\Daniel\AppData\Local\._Revolution_
c:\users\Daniel\AppData\Local\assembly\tmp
c:\windows\msdownld.tmp
c:\windows\SysWow64\tmpE678.tmp
c:\windows\SysWow64\tmpE688.tmp
c:\windows\TEMP\sqlite-3.7.2-sqlitejdbc.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-20 bis 2014-11-20  ))))))))))))))))))))))))))))))
.
.
2014-11-20 06:52 . 2014-11-20 06:52	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-11-20 06:52 . 2014-11-20 06:52	--------	d-----w-	c:\users\Test Nigg\AppData\Local\temp
2014-11-20 06:52 . 2014-11-20 06:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-20 06:34 . 2014-11-20 06:34	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-11-19 21:20 . 2014-11-19 21:20	--------	d-----w-	c:\windows\ERUNT
2014-11-19 15:43 . 2014-11-19 16:14	--------	d-----w-	C:\AdwCleaner
2014-11-19 15:20 . 2014-11-19 16:32	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-19 15:20 . 2014-10-01 10:11	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-19 15:20 . 2014-10-01 10:11	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-19 15:20 . 2014-10-01 10:11	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-19 15:20 . 2014-11-19 15:20	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-11-19 15:20 . 2014-11-19 15:20	--------	d-----w-	c:\programdata\Malwarebytes
2014-11-19 05:51 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-19 05:51 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-19 05:51 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-19 05:51 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-17 21:45 . 2014-11-17 21:47	--------	d-----w-	C:\FRST
2014-11-17 21:09 . 2014-11-18 18:51	--------	d--h--w-	c:\users\Daniel\AppData\Roaming\Script
2014-11-12 22:53 . 2014-10-14 02:16	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 22:53 . 2014-10-14 02:13	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-11-12 22:53 . 2014-10-14 02:12	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-11-12 22:53 . 2014-10-14 02:07	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-11-12 22:53 . 2014-10-14 01:46	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-11-12 22:53 . 2014-10-14 02:09	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-11-12 22:53 . 2014-10-14 01:50	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-11-12 22:53 . 2014-10-14 01:49	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-11-12 22:53 . 2014-10-14 01:47	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-11-01 12:29 . 2014-11-01 12:29	--------	d-----w-	c:\users\Daniel\AppData\Local\Macroplant
2014-11-01 12:29 . 2014-11-01 12:29	--------	d-----w-	c:\program files (x86)\iExplorer
2014-10-25 13:38 . 2014-10-25 13:38	--------	d-----w-	c:\programdata\FLEXnet
2014-10-25 13:26 . 2014-10-25 13:26	--------	d-----w-	c:\program files (x86)\Common Files\Macrovision Shared
2014-10-25 13:26 . 2008-04-07 03:38	24416	----a-r-	c:\windows\system32\AdobePDFUI.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 02:04 . 2010-06-09 00:50	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-11-12 17:32 . 2012-04-13 04:49	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 17:32 . 2011-06-02 06:50	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-27 15:11 . 2010-06-09 12:14	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2014-10-07 09:31 . 2014-02-19 06:09	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-10-07 09:31 . 2014-02-19 06:09	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-07 09:31 . 2014-02-19 06:09	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-09-25 02:08 . 2014-10-01 16:46	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 16:46	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-23 18:44	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 18:44	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-15 08:10	424448	----a-w-	c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 08:10	372736	----a-w-	c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-15 08:10	44032	----a-w-	c:\windows\system32\tsgqec.dll
2014-08-29 02:07 . 2014-10-15 08:10	3179520	----a-w-	c:\windows\system32\rdpcorets.dll
2014-08-29 02:07 . 2014-10-15 08:10	5780480	----a-w-	c:\windows\system32\mstscax.dll
2014-08-29 02:07 . 2014-10-15 08:10	322560	----a-w-	c:\windows\system32\aaclient.dll
2014-08-29 02:06 . 2014-10-15 08:10	1125888	----a-w-	c:\windows\system32\mstsc.exe
2014-08-29 01:44 . 2014-10-15 08:10	37376	----a-w-	c:\windows\SysWow64\tsgqec.dll
2014-08-29 01:44 . 2014-10-15 08:10	4922368	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-08-29 01:44 . 2014-10-15 08:10	269312	----a-w-	c:\windows\SysWow64\aaclient.dll
2014-08-29 01:44 . 2014-10-15 08:10	1050112	----a-w-	c:\windows\SysWow64\mstsc.exe
2014-08-23 02:07 . 2014-08-28 17:23	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 17:23	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{1F7935EF-4F47-43CF-8582-44EFFC86721E}"
[HKEY_CLASSES_ROOT\CLSID\{1F7935EF-4F47-43CF-8582-44EFFC86721E}]
2012-04-09 15:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 15:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"bluebirds"="c:\users\Daniel\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"LaCie Desktop Manager Startup"="c:\program files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" [2012-04-05 3441664]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-26 27760]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2010-07-20 1310720]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-10-15 941320]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2014-02-04 7843744]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-10-10 1104616]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-07 703736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-10-03 2711576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
Wuala.lnk - c:\users\Daniel\AppData\Roaming\Wuala\Wuala.exe -silent [2010-12-15 453552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dyn Updater Tray Icon.lnk - c:\program files (x86)\DynDNS Updater\DynTray.exe [2011-11-15 78192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/30 23:22;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys;c:\windows\SYSNATIVE\DRIVERS\LVcKap64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys;c:\windows\SYSNATIVE\DRIVERS\lvsels64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys;c:\windows\SYSNATIVE\DRIVERS\OXSDIDRV_x64.sys [x]
R3 PayPen;PayPen;c:\windows\system32\Drivers\PayPen.sys;c:\windows\SYSNATIVE\Drivers\PayPen.sys [x]
R3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\Drivers\pendfu.sys;c:\windows\SYSNATIVE\Drivers\pendfu.sys [x]
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys;c:\windows\SYSNATIVE\DRIVERS\MarvinAVS64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys;c:\windows\SYSNATIVE\DRIVERS\vNICdrv.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/06/22 12:20];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 IBM Notes Diagnostics;IBM Notes-Diagnose;c:\program files (x86)\IBM\Notes\nsd.exe;c:\program files (x86)\IBM\Notes\nsd.exe [x]
S2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [x]
S2 LNSUSvc;IBM Notes Smart Upgrade Service       ;c:\program files (x86)\IBM\Notes\SUService.exe;c:\program files (x86)\IBM\Notes\SUService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S2 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys;c:\windows\SYSNATIVE\drivers\wdokan.sys [x]
S2 wDokanMounter;wDokanMounter;c:\program files (x86)\Wuala Dokan\mounter.exe;c:\program files (x86)\Wuala Dokan\mounter.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 17:32]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 19:53]
.
2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 19:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{1F7935EF-4F47-43CF-8582-44EFFC86721E}"
[HKEY_CLASSES_ROOT\CLSID\{1F7935EF-4F47-43CF-8582-44EFFC86721E}]
2012-04-09 15:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-10-01 09:32	2818216	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-10-01 09:32	2818216	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-10-01 09:32	2818216	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 15:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 519408]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2014-01-17 600928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: Interfaces\{21B4DB2A-C7B2-4BAE-9A5F-AD9B407E1B15}: NameServer = 8.8.8.8,8.8.4.4,195.186.1.162,195.86.4.162
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-Data Replicator 3 - c:\program files (x86)\Synology Data Replicator  3\Backup.exe
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-LaCie Desktop Manager Launcher - c:\program files\LaCie\Desktop Manager\lacie_launcherd.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\uninst.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Windows Utils - c:\users\Daniel\AppData\Roaming\Windows Net Data\uninstaller.exe
AddRemove-{CDAFD956-97BE-443D-8EF7-F4F094EB5766}_is1 - c:\program files (x86)\Crawler\SSaver\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-20  07:55:13
ComboFix-quarantined-files.txt  2014-11-20 06:55
.
Vor Suchlauf: 31 Verzeichnis(se), 327'626'067'968 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 335'885'504'512 Bytes frei
.
- - End Of File - - 85AB1BFAD93DAF11F6C5054026B302D6
A36C5E4F47E84449FF07ED3517B43A31
         

Edited by danigg (20.11.2014 at 08:35)

20.11.2014, 19:02   #8
schrauber
/// the machine
/// TB trainer
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan ("Scannen"), select the threat scan ("Bedrohungssuchlauf") and click Start scan ("Suchlauf starten").
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected ("Auswahl entfernen").
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History ("Verlauf") and then Application logs ("Anwendungsprotokolle").
  • Select the most recent scan log and click Export. Choose Text file (.txt) ("Textdatei (.txt)") and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys ("Tracing" Schlüssel löschen)
    • Reset Winsock settings (Winsock Einstellungen zurücksetzen)
    • Reset proxy settings (Proxy Einstellungen zurücksetzen)
    • Reset Internet Explorer policies (Internet Explorer Richtlinien zurücksetzen)
    • Reset Chrome policies (Chrome Richtlinien zurücksetzen)
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

20.11.2014, 23:39   #9
danigg
 



Okay, here are the new scans:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.11.2014
Suchlauf-Zeit: 19:05:16
Logdatei: mbam_neu.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Daniel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 454203
Verstrichene Zeit: 16 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.101 - Bericht erstellt am 20/11/2014 um 19:43:30
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Daniel - ESSPRESSO
# Gestartet von : D:\Download\trojanerboard\tools\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaacalgebmfelllfiaoknifldpngjh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17148


-\\ Mozilla Firefox v33.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [8342 octets] - [19/11/2014 16:44:11]
AdwCleaner[R1].txt - [1303 octets] - [20/11/2014 19:34:52]
AdwCleaner[S0].txt - [8033 octets] - [19/11/2014 17:13:53]
AdwCleaner[S1].txt - [1220 octets] - [20/11/2014 19:43:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1280 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Ultimate x64
Ran by Daniel on 20.11.2014 at 19:53:56.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.11.2014 at 19:57:27.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Daniel (administrator) on PC-Name on 20-11-2014 23:34:32
Running from D:\Download\trojanerboard
Loaded Profiles: Daniel & UpdatusUser (Available profiles: Daniel & Test Name & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IBM) C:\Program Files (x86)\IBM\Notes\nsd.exe
() C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\SUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Notes\ntmulti.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Wuala Dokan\mounter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LG Electronics) C:\Users\Daniel\Bluebirds\BlueBirds.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
() C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dyn, Inc.) C:\Program Files (x86)\DynDNS Updater\DynTray.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(LaCie) C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LaCie Desktop Manager Launcher] => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-01-17] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-26] (Bitleader)
HKLM-x32\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2008-08-08] (Corel, Inc.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-08] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2010-07-20] (Analog Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] => C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2010-10-15] (ABBYY.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [bluebirds] => C:\Users\Daniel\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [LaCie Desktop Manager Startup] => C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [3441664 2012-04-05] ()
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
ShortcutTarget: Dyn Updater Tray Icon.lnk -> C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dyn, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {1F7935EF-4F47-43CF-8582-44EFFC86721E} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {1F7935EF-4F47-43CF-8582-44EFFC86721E} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001 -> DefaultScope {D09ECB80-1010-4E22-8D47-1C4A10DBB733} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001 -> {D09ECB80-1010-4E22-8D47-1C4A10DBB733} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{21B4DB2A-C7B2-4BAE-9A5F-AD9B407E1B15}: [NameServer] 8.8.8.8,8.8.4.4,195.186.1.162,195.86.4.162

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3622117705-1755725411-2992989562-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3622117705-1755725411-2992989562-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\t9b3uhph.Dani\searchplugins\google-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\google-schweiz---aus-der-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\google-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\wikipedia-deutsch.xml
FF Extension: Firebug - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\Extensions\firebug@software.joehewitt.com.xpi [2014-07-18]
FF Extension: Menu Editor - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2014-07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-06]

Chrome: 
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2010-07-22] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2010-07-20] (Andrea Electronics Corporation)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-07] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 Dyn Updater; C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-10-25] (Macrovision Europe Ltd.) [File not signed]
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Notes\nsd.exe [5164136 2013-10-15] (IBM)
R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-04-05] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 LNSUSvc; C:\Program Files (x86)\IBM\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 Multi-user Cleanup Service; C:\Program Files (x86)\IBM\Notes\ntmulti.exe [38504 2013-10-15] (IBM Corp)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-02-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-01-17] (Copyright 2013 SAMSUNG)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [93848 2009-07-21] (SiSoftware) [File not signed]
R2 wDokanMounter; C:\Program Files (x86)\Wuala Dokan\mounter.exe [11776 2010-08-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2010-06-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 LVcKap64; C:\Windows\System32\DRIVERS\LVcKap64.sys [1013024 2007-02-06] (Logitech Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [68064 2010-07-27] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2010-06-28] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWOW64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-16] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-16] (Acronis International GmbH)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-06-09] (TrueCrypt Foundation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-16] (Acronis International GmbH)
S3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20024 2011-01-20] (Iomega Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R2 wDokan; C:\Windows\system32\drivers\wdokan.sys [86392 2010-08-11] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 19:57 - 2014-11-20 19:57 - 00000622 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-11-20 07:55 - 2014-11-20 07:55 - 00039463 _____ () C:\ComboFix.txt
2014-11-20 07:39 - 2014-11-20 07:55 - 00000000 ____D () C:\Qoobox
2014-11-20 07:39 - 2014-11-20 07:55 - 00000000 ____D () C:\ComboFix
2014-11-20 07:39 - 2014-11-20 07:53 - 00000000 ____D () C:\Windows\erdnt
2014-11-20 07:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-20 07:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-20 07:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-20 07:34 - 2014-11-20 07:34 - 00001274 _____ () C:\Users\Daniel\Desktop\Revo Uninstaller.lnk
2014-11-20 07:34 - 2014-11-20 07:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-19 22:20 - 2014-11-19 22:20 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 16:43 - 2014-11-20 19:43 - 00000000 ____D () C:\AdwCleaner
2014-11-19 16:20 - 2014-11-20 19:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 16:20 - 2014-11-19 16:20 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-19 16:20 - 2014-11-19 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-19 16:20 - 2014-11-19 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 16:20 - 2014-11-19 16:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-19 16:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-19 16:20 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-19 16:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 06:51 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 06:51 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 06:51 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 06:51 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 22:45 - 2014-11-20 23:34 - 00000000 ____D () C:\FRST
2014-11-17 22:44 - 2014-11-17 22:44 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-11-17 22:43 - 2014-11-17 22:39 - 02117120 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-11-17 22:43 - 2014-11-17 22:39 - 00380416 _____ () C:\Users\Daniel\Desktop\Gmer-19357.exe
2014-11-17 22:43 - 2014-11-17 22:38 - 00050477 _____ () C:\Users\Daniel\Desktop\Defogger.exe
2014-11-17 22:09 - 2014-11-18 19:51 - 00000000 ___HD () C:\Users\Daniel\AppData\Roaming\Script
2014-11-12 23:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 23:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 23:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 23:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 23:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 23:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 23:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 23:52 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 23:52 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 23:52 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 23:52 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 23:52 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 23:52 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 23:52 - 2014-10-26 00:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-12 23:52 - 2014-10-26 00:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 23:52 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 23:52 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 23:52 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 23:52 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 23:52 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 23:52 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 23:52 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 23:52 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 23:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 23:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 23:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 23:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 23:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 23:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-01 13:29 - 2014-11-01 13:29 - 00001029 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Macroplant
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-10-25 14:38 - 2014-10-25 14:38 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-25 14:26 - 2008-04-07 04:38 - 00024416 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2014-10-25 14:25 - 2014-10-25 14:25 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2014-10-25 14:25 - 2014-10-25 14:25 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2014-10-25 14:25 - 2014-10-25 14:25 - 00002045 _____ () C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 23:32 - 2012-04-13 05:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 23:32 - 2010-06-09 13:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 23:32 - 2010-06-08 21:57 - 02068528 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 19:53 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 19:53 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 19:52 - 2010-11-18 18:21 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-11-20 19:50 - 2010-06-22 11:17 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-11-20 19:50 - 2010-06-09 13:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 19:50 - 2010-06-09 00:55 - 00000397 _____ () C:\Windows\lgfwup.ini
2014-11-20 19:50 - 2010-06-09 00:55 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-11-20 19:45 - 2014-01-19 23:00 - 00032804 _____ () C:\SUService.log
2014-11-20 19:45 - 2013-04-15 02:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-20 19:45 - 2012-04-23 21:51 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt
2014-11-20 19:45 - 2010-06-12 22:06 - 00913394 _____ () C:\Windows\PFRO.log
2014-11-20 19:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 19:45 - 2009-07-14 05:51 - 00105866 _____ () C:\Windows\setupact.log
2014-11-20 07:55 - 2011-02-27 16:52 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0
2014-11-20 07:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-20 07:52 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 17:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2014-11-19 16:19 - 2009-07-14 18:58 - 00714040 _____ () C:\Windows\system32\perfh007.dat
2014-11-19 16:19 - 2009-07-14 18:58 - 00155888 _____ () C:\Windows\system32\perfc007.dat
2014-11-19 16:19 - 2009-07-14 06:13 - 01660572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 18:14 - 2012-04-25 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-17 22:44 - 2010-06-08 22:27 - 00000000 ____D () C:\Users\Daniel
2014-11-17 22:17 - 2014-07-23 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-15 17:33 - 2010-06-09 00:58 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Adobe
2014-11-15 16:56 - 2010-11-18 18:22 - 00001029 _____ () C:\Users\Daniel\Desktop\Dropbox.lnk
2014-11-15 16:56 - 2010-11-18 18:21 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 19:23 - 2010-06-09 13:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 19:23 - 2010-06-09 13:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 06:53 - 2010-10-25 09:35 - 00325480 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 06:53 - 2010-06-09 13:15 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Corel
2014-11-13 04:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:36 - 2009-07-14 05:45 - 01156136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 03:16 - 2011-01-04 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 03:12 - 2013-08-15 00:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:04 - 2010-06-09 01:50 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 18:32 - 2012-04-13 05:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:32 - 2012-04-13 05:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 18:32 - 2011-06-02 07:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 21:31 - 2010-06-12 11:45 - 00000000 ____D () C:\Program Files (x86)\LehrerOffice
2014-10-27 16:11 - 2010-06-09 13:14 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-10-26 13:50 - 2012-10-11 14:54 - 00000944 _____ () C:\Users\Daniel\AppData\Roaming\__AvidCloudManager.log
2014-10-26 13:38 - 2012-10-11 14:54 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Avid
2014-10-26 13:19 - 2012-10-11 14:54 - 00000944 _____ () C:\Users\Daniel\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-10-26 12:34 - 2012-08-06 17:37 - 00000000 ____D () C:\Users\Daniel\temp
2014-10-26 11:57 - 2012-10-11 14:54 - 00003682 _____ () C:\Users\Daniel\AppData\Roaming\ESSPRESSO.MTBF.txt
2014-10-26 11:16 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-25 15:15 - 2014-08-17 18:50 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-10-25 14:26 - 2010-06-09 01:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-25 14:24 - 2010-06-09 01:16 - 00000000 ____D () C:\Program Files (x86)\Adobe

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyoetoo.dll
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 14:03

==================== End Of Log ============================
         

21.11.2014, 17:40   #10
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.11.2014, 05:22   #11
danigg
 



Hello Schrauber, thanks. Here are the logs. Security Check said that my operating system is not supported; I could not find another version.

PHP-Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=87f4e9f978fae345ba3103d3754025b2
# engine=21206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-22 12:21:15
# local_time=2014-11-22 01:21:15 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 42565918 168245525 0 0
# scanned=1108613
# found=19
# cleaned=0
# scan_time=21574
sh=DE33325E686C82C12DB1F95F39E94AC746F5B5B5 ft=1 fh=d789ebaae8b3bc52 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\Local Settings\Application Data\Bundled software uninstaller\biclient.exe"
sh=A1276951162A4D9D63D7C3D4F37DC4B3A6B8B51F ft=1 fh=50702e1e57fc2d13 vn="Win16/Hoax.BadJoke.MouseShoot.A Virus" ac=I fn="D:\@Eigene Dateien\Kleine exe's\rats!.exe"
sh=0B382A1F93F6174C99ECCD0957EE7702CB8EDA39 ft=1 fh=1ceb5dde0aba1b1a vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="D:\Download\7ZipSetup.exe"
sh=FE9359516FA55300B562B1420688325A2E8D15E7 ft=1 fh=9894438ea4698d80 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Download\Driver_Genius_9_Professional_DE_TREI.exe"
sh=B25DFC38B84D9E21F4ECE88E942AAF3CC22EAB8E ft=1 fh=cda1cbd4b2e6ebee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Download\FreeYouTubeToMP333Converter.exe"
sh=783CB45B45F1E16BA05B78D8C627A0F39A765508 ft=1 fh=7ba0aa57f97fb48a vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="D:\Download\Kernel-for-.NSF-to-.PST-Setup.exe"
sh=D039CBE0EF3C5F37F1219821DCA4373CB4E709A8 ft=1 fh=39d64ba8a4558427 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="D:\Download\m4a-to-mp3-converter.exe"
sh=7B92C851AC36737438C28AA5A7E755CD51CEF177 ft=1 fh=f64f4ef24fe22554 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="D:\Download\Setup_672FreeFlvConverter.exe"
sh=CF28A90A604164C6D5397999D5D90280E293A2B0 ft=1 fh=250619b7bcd7cedf vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="D:\Download\Setup_FreeFlvConverter.exe"
sh=1C999472E39C704F2B00EA9775F557691997352B ft=1 fh=2dc57db237c94986 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\Download\SoftonicDownloader22472.exe"
sh=0238FB680B63A2AC9EBA884F2ACF0FFE5799E02E ft=1 fh=1d2633e8f30ad5da vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="D:\Download\SoftonicDownloader_fuer_simple-shutdown-timer.exe"
sh=293AB4A921722CA21C383F52D69E698AFAE46F7D ft=1 fh=7fadb4f30f5f569d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\Download\SoftonicDownloader_fuer_simpleocr.exe"
sh=5D3218D285840FA36B3EE6024AD10AD22F0158AA ft=1 fh=04cfe840dd6a5f90 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\Download\SoftonicDownloader_fuer_thunderbird-portable.exe"
sh=4C881464B6883C7F2F39635EE52333A223E140E7 ft=1 fh=8d045fa86aec17d2 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="D:\Download\SoftonicDownloader_fuer_winrar.exe"
sh=F81FEB1E740D78E3EC4DFB9AB9B481A4A89A99A8 ft=1 fh=812c06ca71e19a21 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\Download\Games\SoftonicDownloader_fuer_battlefield-2.exe"
sh=A553BC5341F2B872663B2D5596036B63D91689C0 ft=1 fh=5dfa5d0ce795c0db vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="D:\Download\Iphone\WhatsApp-Xtract-lnstall.exe"
sh=1832144A2FED5729A07E5BF5CEA940A26E7F704B ft=1 fh=26ea658a48229432 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="D:\Download\Screensavers\SoftonicDownloader_for_3d-tropical-aquarium-screensaver.exe"
sh=D6660D2EFF2BB6B2A86E5AC9300D544EF58F599B ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="D:\Homepages\Themen\arclite.zip"
sh=790DEF24F2B32AEB59A0013102CD0FC6A40CCCD8 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="D:\Homepages\Themen\arclite\arclite\footer.php" 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Daniel (administrator) on ESSPRESSO on 22-11-2014 05:19:27
Running from D:\Download\trojanerboard
Loaded Profiles: Daniel & UpdatusUser (Available profiles: Daniel & Test Nigg & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IBM) C:\Program Files (x86)\IBM\Notes\nsd.exe
() C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\SUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Notes\ntmulti.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Wuala Dokan\mounter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LG Electronics) C:\Users\Daniel\Bluebirds\BlueBirds.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
() C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dyn, Inc.) C:\Program Files (x86)\DynDNS Updater\DynTray.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(LaCie) C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LaCie Desktop Manager Launcher] => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-01-17] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-26] (Bitleader)
HKLM-x32\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2008-08-08] (Corel, Inc.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-08] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2010-07-20] (Analog Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] => C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2010-10-15] (ABBYY.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [bluebirds] => C:\Users\Daniel\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [LaCie Desktop Manager Startup] => C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [3441664 2012-04-05] ()
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
ShortcutTarget: Dyn Updater Tray Icon.lnk -> C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dyn, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\Daniel\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {1F7935EF-4F47-43CF-8582-44EFFC86721E} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {1F7935EF-4F47-43CF-8582-44EFFC86721E} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3622117705-1755725411-2992989562-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001 -> DefaultScope {D09ECB80-1010-4E22-8D47-1C4A10DBB733} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKU\S-1-5-21-3622117705-1755725411-2992989562-1001 -> {D09ECB80-1010-4E22-8D47-1C4A10DBB733} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{21B4DB2A-C7B2-4BAE-9A5F-AD9B407E1B15}: [NameServer] 8.8.8.8,8.8.4.4,195.186.1.162,195.86.4.162

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3622117705-1755725411-2992989562-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3622117705-1755725411-2992989562-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\t9b3uhph.Dani\searchplugins\google-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\google-schweiz---aus-der-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\google-schweiz.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\searchplugins\wikipedia-deutsch.xml
FF Extension: Firebug - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\Extensions\firebug@software.joehewitt.com.xpi [2014-07-18]
FF Extension: Menu Editor - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\1nthujid.default-1405679983043\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2014-07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-06]

Chrome: 
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2010-07-22] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2010-07-20] (Andrea Electronics Corporation)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-07] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 Dyn Updater; C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-10-25] (Macrovision Europe Ltd.) [File not signed]
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Notes\nsd.exe [5164136 2013-10-15] (IBM)
R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-04-05] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 LNSUSvc; C:\Program Files (x86)\IBM\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 Multi-user Cleanup Service; C:\Program Files (x86)\IBM\Notes\ntmulti.exe [38504 2013-10-15] (IBM Corp)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-02-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-01-17] (Copyright 2013 SAMSUNG)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [93848 2009-07-21] (SiSoftware) [File not signed]
R2 wDokanMounter; C:\Program Files (x86)\Wuala Dokan\mounter.exe [11776 2010-08-11] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2010-06-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 LVcKap64; C:\Windows\System32\DRIVERS\LVcKap64.sys [1013024 2007-02-06] (Logitech Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [68064 2010-07-27] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2010-06-28] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWOW64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-16] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-16] (Acronis International GmbH)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-06-09] (TrueCrypt Foundation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-16] (Acronis International GmbH)
S3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20024 2011-01-20] (Iomega Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R2 wDokan; C:\Windows\system32\drivers\wdokan.sys [86392 2010-08-11] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 19:57 - 2014-11-20 19:57 - 00000622 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-11-20 07:55 - 2014-11-20 07:55 - 00039463 _____ () C:\ComboFix.txt
2014-11-20 07:39 - 2014-11-20 07:55 - 00000000 ____D () C:\Qoobox
2014-11-20 07:39 - 2014-11-20 07:55 - 00000000 ____D () C:\ComboFix
2014-11-20 07:39 - 2014-11-20 07:53 - 00000000 ____D () C:\Windows\erdnt
2014-11-20 07:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-20 07:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-20 07:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-20 07:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-20 07:34 - 2014-11-20 07:34 - 00001274 _____ () C:\Users\Daniel\Desktop\Revo Uninstaller.lnk
2014-11-20 07:34 - 2014-11-20 07:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-19 22:20 - 2014-11-19 22:20 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 16:43 - 2014-11-20 19:43 - 00000000 ____D () C:\AdwCleaner
2014-11-19 16:20 - 2014-11-20 19:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 16:20 - 2014-11-19 16:20 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-19 16:20 - 2014-11-19 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-19 16:20 - 2014-11-19 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 16:20 - 2014-11-19 16:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-19 16:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-19 16:20 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-19 16:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 06:51 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 06:51 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 06:51 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 06:51 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 22:45 - 2014-11-22 05:19 - 00000000 ____D () C:\FRST
2014-11-17 22:44 - 2014-11-17 22:44 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-11-17 22:43 - 2014-11-17 22:39 - 02117120 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-11-17 22:43 - 2014-11-17 22:39 - 00380416 _____ () C:\Users\Daniel\Desktop\Gmer-19357.exe
2014-11-17 22:43 - 2014-11-17 22:38 - 00050477 _____ () C:\Users\Daniel\Desktop\Defogger.exe
2014-11-17 22:09 - 2014-11-18 19:51 - 00000000 ___HD () C:\Users\Daniel\AppData\Roaming\Script
2014-11-12 23:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 23:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 23:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 23:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 23:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 23:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 23:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 23:52 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 23:52 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 23:52 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 23:52 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 23:52 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 23:52 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 23:52 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 23:52 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 23:52 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 23:52 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 23:52 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 23:52 - 2014-10-26 00:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-12 23:52 - 2014-10-26 00:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 23:52 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 23:52 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 23:52 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 23:52 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 23:52 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 23:52 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 23:52 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 23:52 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 23:52 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 23:52 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 23:52 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 23:52 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 23:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 23:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 23:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 23:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 23:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 23:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-01 13:29 - 2014-11-01 13:29 - 00001029 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Macroplant
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2014-11-01 13:29 - 2014-11-01 13:29 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-10-25 14:38 - 2014-10-25 14:38 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-25 14:26 - 2008-04-07 04:38 - 00024416 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2014-10-25 14:25 - 2014-10-25 14:25 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2014-10-25 14:25 - 2014-10-25 14:25 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2014-10-25 14:25 - 2014-10-25 14:25 - 00002045 _____ () C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 04:32 - 2012-04-13 05:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 04:28 - 2010-06-09 13:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 03:43 - 2010-06-08 21:57 - 01062491 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 01:46 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 01:46 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 19:28 - 2010-06-09 13:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 19:11 - 2010-06-09 13:58 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\FileZilla
2014-11-21 00:22 - 2010-06-09 00:55 - 00000397 _____ () C:\Windows\lgfwup.ini
2014-11-21 00:22 - 2010-06-09 00:55 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-11-20 19:52 - 2010-11-18 18:21 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-11-20 19:50 - 2010-06-22 11:17 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-11-20 19:45 - 2014-01-19 23:00 - 00032804 _____ () C:\SUService.log
2014-11-20 19:45 - 2013-04-15 02:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-20 19:45 - 2012-04-23 21:51 - 00000015 _____ () C:\Windows\system32\deviceAppeared.txt
2014-11-20 19:45 - 2010-06-12 22:06 - 00913394 _____ () C:\Windows\PFRO.log
2014-11-20 19:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 19:45 - 2009-07-14 05:51 - 00105866 _____ () C:\Windows\setupact.log
2014-11-20 07:55 - 2011-02-27 16:52 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Apps\2.0
2014-11-20 07:55 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-20 07:52 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 17:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2014-11-19 16:19 - 2009-07-14 18:58 - 00714040 _____ () C:\Windows\system32\perfh007.dat
2014-11-19 16:19 - 2009-07-14 18:58 - 00155888 _____ () C:\Windows\system32\perfc007.dat
2014-11-19 16:19 - 2009-07-14 06:13 - 01660572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 18:14 - 2012-04-25 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-17 22:44 - 2010-06-08 22:27 - 00000000 ____D () C:\Users\Daniel
2014-11-17 22:17 - 2014-07-23 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-15 17:33 - 2010-06-09 00:58 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Adobe
2014-11-15 16:56 - 2010-11-18 18:22 - 00001029 _____ () C:\Users\Daniel\Desktop\Dropbox.lnk
2014-11-15 16:56 - 2010-11-18 18:21 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 19:23 - 2010-06-09 13:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 19:23 - 2010-06-09 13:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 06:53 - 2010-10-25 09:35 - 00325480 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 06:53 - 2010-06-09 13:15 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Corel
2014-11-13 04:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:36 - 2009-07-14 05:45 - 01156136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 03:16 - 2011-01-04 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 03:12 - 2013-08-15 00:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:04 - 2010-06-09 01:50 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 18:32 - 2012-04-13 05:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:32 - 2012-04-13 05:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 18:32 - 2011-06-02 07:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 21:31 - 2010-06-12 11:45 - 00000000 ____D () C:\Program Files (x86)\LehrerOffice
2014-10-27 16:11 - 2010-06-09 13:14 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-10-26 13:50 - 2012-10-11 14:54 - 00000944 _____ () C:\Users\Daniel\AppData\Roaming\__AvidCloudManager.log
2014-10-26 13:38 - 2012-10-11 14:54 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Avid
2014-10-26 13:19 - 2012-10-11 14:54 - 00000944 _____ () C:\Users\Daniel\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-10-26 12:34 - 2012-08-06 17:37 - 00000000 ____D () C:\Users\Daniel\temp
2014-10-26 11:57 - 2012-10-11 14:54 - 00003682 _____ () C:\Users\Daniel\AppData\Roaming\ESSPRESSO.MTBF.txt
2014-10-26 11:16 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-25 15:15 - 2014-08-17 18:50 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-10-25 14:26 - 2010-06-09 01:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-25 14:24 - 2010-06-09 01:16 - 00000000 ____D () C:\Program Files (x86)\Adobe

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyoetoo.dll
C:\Users\Daniel\AppData\Local\Temp\proxy_util_w32.dll
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 14:03

==================== End Of Log ============================
         
--- --- ---

22.11.2014, 18:38   #12
schrauber
/// the machine
/// TB trainer

Empty the Download folder on D.

Done

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads on its own. Right-clicking the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
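
Added example, not part of the thread or of any tool named in it: the last tip above (watch for file extensions such as deinFoto.jpg.exe) written as a check that reads only the member names of a ZIP attachment, without extracting anything, and flags executable and double-extension entries. The extension lists, the finding labels and every sample file name other than deinFoto.jpg.exe are assumptions constructed for this illustration.

```python
import io
import zipfile

# Assumed lists for this illustration, not exhaustive.
# Extensions Windows runs or hands to a script host on double-click:
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi"}
# Harmless-looking extensions a lure pretends to have:
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg",
              ".png", ".txt", ".zip"}
RLO = "\u202e"  # right-to-left override, visually reverses part of a name


def inspect_member(name):
    """Return the findings for one archive member name (empty list = clean)."""
    findings = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if RLO in base:
        findings.append("rtl-override")
    # Windows drops trailing dots and spaces, so "x.exe. " still runs as x.exe.
    stripped = base.rstrip(". ")
    exts = ["." + p.strip().lower() for p in stripped.split(".")[1:] if p.strip()]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        findings.append("executable")
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            findings.append("double-extension")
        if "   " in base:  # padding that pushes the real extension out of view
            findings.append("padded-name")
    return findings


def scan_zip(data):
    """Map member name -> findings, reading only the ZIP directory."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            findings = inspect_member(info.filename)
            if findings:
                report[info.filename] = findings
    return report


def build_sample():
    """Constructed sample archive; members hold placeholder bytes only."""
    names = ("deinFoto.jpg.exe", "Rechnung.pdf      .scr",
             "scan" + RLO + "fdp.exe", "docs/readme.pdf", "notes.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, findings in scan_zip(build_sample()).items():
        print(repr(member), findings)
```

A mail gateway or a cautious user can run such a check on the attachment bytes before anything is unpacked; a clean result says nothing about the content of documents inside the archive.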

24.11.2014, 22:30   #13
danigg

It seems to be cleaned. Many thanks for everything. Great help you provided there.

25.11.2014, 17:41   #14
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
Regards,
schrauber
