Pests of all kinds and how to combat them: AdwCleaner cannot delete found data - Trojan? Windows 7 |
09.04.2015, 12:48 | #1 |
| AdwCleaner cannot delete found data - Trojan? Hello, since my last visit here in January and the really great help from Schrauber, I have been running AdwCleaner and Malwarebytes Anti-Malware again and again. Today I got the following report from AdwCleaner:

# AdwCleaner v4.201 - Bericht erstellt 09/04/2015 um 13:27:10
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : XXXXXX-PC
# Gestarted von : C:\Users\XXXXX\Desktop\adwcleaner_4.201.exe
# Option : Suchlauf

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v36.0.1 (x86 de)

*************************

AdwCleaner[R0].txt - [799 Bytes] - [11/01/2015 01:02:35]
AdwCleaner[R10].txt - [1683 Bytes] - [21/02/2015 11:49:06]
AdwCleaner[R11].txt - [1696 Bytes] - [24/02/2015 12:45:21]
AdwCleaner[R12].txt - [1756 Bytes] - [28/02/2015 13:06:01]
AdwCleaner[R13].txt - [1875 Bytes] - [14/03/2015 16:21:50]
AdwCleaner[R14].txt - [1935 Bytes] - [14/03/2015 16:35:19]
AdwCleaner[R15].txt - [2512 Bytes] - [09/04/2015 13:04:10]
AdwCleaner[R16].txt - [2565 Bytes] - [09/04/2015 13:17:52]
AdwCleaner[R17].txt - [2684 Bytes] - [09/04/2015 13:23:26]
AdwCleaner[R18].txt - [1662 Bytes] - [09/04/2015 13:27:10]
AdwCleaner[R1].txt - [917 Bytes] - [17/01/2015 12:42:14]
AdwCleaner[R2].txt - [1114 Bytes] - [24/01/2015 14:06:51]
AdwCleaner[R3].txt - [1097 Bytes] - [24/01/2015 14:24:21]
AdwCleaner[R4].txt - [1157 Bytes] - [24/01/2015 14:43:38]
AdwCleaner[R5].txt - [1217 Bytes] - [24/01/2015 18:45:24]
AdwCleaner[R6].txt - [1276 Bytes] - [26/01/2015 14:58:55]
AdwCleaner[R7].txt - [1336 Bytes] - [27/01/2015 17:05:30]
AdwCleaner[R8].txt - [1398 Bytes] - [28/01/2015 15:23:30]
AdwCleaner[R9].txt - [1458 Bytes] - [15/02/2015 13:11:18]
AdwCleaner[S0].txt - [859 Bytes] - [11/01/2015 01:04:02]
AdwCleaner[S1].txt - [1176 Bytes] - [24/01/2015 14:11:35]
AdwCleaner[S2].txt - [1519 Bytes] - [15/02/2015 13:26:04]
AdwCleaner[S3].txt - [1744 Bytes] - [21/02/2015 11:52:01]
AdwCleaner[S4].txt - [1817 Bytes] - [28/02/2015 13:08:07]
AdwCleaner[S5].txt - [2340 Bytes] - [09/04/2015 13:13:51]
AdwCleaner[S6].txt - [2393 Bytes] - [09/04/2015 13:19:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R18].txt - [2664 Bytes] ##########

As always, I then clicked Delete and restarted the PC. But these entries are back every time. Although the report shows me that they were deleted, they are back immediately after a new scan. Now I unfortunately don't know whether this is something malicious or whether I don't need to worry. Until now these things had always disappeared once they were deleted. Now suddenly the messages keep reappearing and cannot be eliminated despite a restart. The scan with Malwarebytes shows no threats. Strange. Does the AdwCleaner report mean anything bad? I would be very grateful for some brief help. Thanks and regards |
09.04.2015, 12:53 | #2 |
/// the machine /// TB trainer | AdwCleaner cannot delete found data - Trojan? hi,
let's take a look. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
09.04.2015, 13:34 | #3 |
| AdwCleaner cannot delete found data - Trojan? That was quick, thanks for the prompt reply.
Since the logs would be too much for one post, I have to split them across two replies. Here is the FRST log: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by xxx (administrator) on xxx-PC on 09-04-2015 14:09:00 Running from C:\Users\xxxx\Desktop Loaded Profiles: xxx (Available profiles: xxxx) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Windows\SysWOW64\XSrvSetup.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (KORG Inc.) 
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe () I:\Program Files (x86)\IK Multimedia\Sample Tank 3\SampleTank 3\SampleTank 3.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-05-16] (Adobe Systems Incorporated) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KORG USB-MIDI Driver] => C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [393616 2011-03-30] (KORG Inc.) HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] () HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKU\S-1-5-21-25170337-1842596019-2157349911-1000\...\RunOnce: [Adobe Speed Launcher] => 1428578484 HKU\S-1-5-21-25170337-1842596019-2157349911-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-25170337-1842596019-2157349911-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-25170337-1842596019-2157349911-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-25170337-1842596019-2157349911-1000 -> {1B293868-8F4D-4b37-89CA-75BBD8747680} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV SearchScopes: HKU\S-1-5-21-25170337-1842596019-2157349911-1000 -> {90DC3FD6-1CAD-415a-8ED1-67062890BB03} URL = 
hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-01-03] (Kaspersky Lab ZAO) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\fu0cgvgf.default FF DefaultSearchUrl: 
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF SelectedSearchEngine: Google FF Homepage: hxxp://t-online.de/ FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] () FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 -> C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll [2010-11-08] ( PACE Anti-Piracy, Inc) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03] () FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-07-21] (Nero AG) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files 
(x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.) 
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2015-04-09] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2015-04-09] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-04-09] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-04-09] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-04-09] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-04-09] FF HKLM-x32\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-02-06] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-03] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-03] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 
15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-03] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe [1155072 2008-12-16] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation) S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] () R2 LanmanWorkstation; C:\Windows\System32\aptwj1dm3.dll [289280 2012-04-21] (Works Ltd.) 
[File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed] R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5018624 2010-03-25] (Native Instruments GmbH) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation) S3 PSEXESVC; C:\Windows\PSEXESVC.exe [189792 2015-01-03] (Sysinternals) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [548864 2008-10-21] (Magix AG) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X] S2 TryAndDecideService; "C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] () R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch) S2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [7140 2003-07-29] () S3 Fw1082; C:\Windows\System32\Drivers\Fw1082x64.sys [228864 2010-03-03] (TASCAM) S3 Fw1082WdmService; C:\Windows\System32\Drivers\FW1082Wdmx64.sys [70144 2010-03-16] (TASCAM) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-04] () R3 hypaudio; C:\Windows\System32\DRIVERS\hypaudio64.sys [1484800 2010-11-30] (Universal Audio, Inc.) R3 hypkern; C:\Windows\System32\drivers\hypkern64.sys [225792 2010-11-30] () R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] () R3 iLokDrvr; C:\Windows\SysWOW64\DRIVERS\iLokDrvr.sys [54328 2009-12-02] (PACE Anti-Piracy, Inc.) 
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-03] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-14] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-03] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [33656 2011-03-30] (KORG INC.) S3 MADFUFTU; C:\Windows\System32\DRIVERS\MAudioFastTrackUltra_DFU.sys [45832 2009-09-25] (M-Audio) S3 MAUSBFASTTRACKULTRA; C:\Windows\System32\DRIVERS\MAudioFastTrackUltra.sys [180496 2013-06-18] (M-Audio) R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [55856 2014-08-30] (MusicLab, Inc.) 
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2012-01-21] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [252280 2012-05-24] () S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp_x64.sys [71544 2012-05-24] () S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-16] () S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.) R3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH) R0 Tpkd; C:\Windows\SysWow64\Drivers\Tpkd.sys [86528 2008-07-02] (PACE Anti-Piracy, Inc.) [File not signed] R3 UAD2System; C:\Windows\System32\DRIVERS\UAD2System.sys [58368 2010-11-30] (Universal Audio Inc.) 
R3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation) R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [132200 2013-12-17] (Yamaha Corporation) S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X] S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [X] S3 GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys [X] S3 TASCAM_US1800; System32\Drivers\tus1800u.sys [X] S3 TASCAM_US1800_MIDI; system32\drivers\tus1800m.sys [X] S3 TASCAM_US1800_WDM; system32\drivers\tus1800a.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-09 14:09 - 2015-04-09 14:09 - 00023476 _____ () C:\Users\x\Desktop\FRST.txt 2015-04-09 14:08 - 2015-04-09 14:09 - 00000000 ____D () C:\FRST 2015-04-09 14:05 - 2015-04-09 14:05 - 02095616 _____ (Farbar) C:\Users\x\Desktop\FRST64.exe 2015-04-09 14:03 - 2015-04-09 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-09 13:59 - 2012-08-29 12:23 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll 2015-04-09 13:11 - 2015-04-09 13:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-09 13:11 - 2015-04-09 13:11 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-09 13:07 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-04-09 13:07 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-04-09 12:57 - 2015-04-09 12:57 - 02217984 _____ () C:\Users\xx\Desktop\adwcleaner_4.201.exe 2015-03-21 14:45 - 2015-03-21 14:45 - 00000000 ____D () C:\Users\xx\Downloads\Superior_Drummer_WIN 2015-03-21 14:44 - 2015-03-02 16:35 - 00000000 ____D () C:\Users\xxx\Downloads\TT121_EZX_FunkMasters_Update 2015-03-21 14:43 - 2015-03-21 14:43 - 92026707 _____ () C:\Users\xxx\Downloads\TT118_Superior_Drummer_WIN_242.zip 2015-03-21 14:42 - 2015-03-21 14:42 - 27614906 _____ () C:\Users\xxx\Downloads\TT121_EZX_FunkMasters_Update_WIN_152.zip 2015-03-21 14:38 - 2015-03-21 14:38 - 00000000 ____D () C:\Users\xxx\Downloads\EZdrummer_Update_WIN 2015-03-21 14:08 - 2015-03-21 14:08 - 00000943 _____ () C:\Users\xxx\Desktop\Downloads - Verknüpfung.lnk 2015-03-21 14:07 - 2015-03-21 14:08 - 34353968 _____ (Steinberg Media Technologies GmbH) C:\Users\xxx\Downloads\eLicenserControlSetup.exe 2015-03-14 16:33 - 2015-03-14 16:33 - 00000846 _____ () C:\Users\xxx\Desktop\Elektrik Piano 1.5.lnk 2015-03-14 16:26 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-14 16:26 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) 
C:\Windows\system32\winload.efi 2015-03-14 16:26 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-14 16:26 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-14 16:26 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 
2015-03-14 16:26 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-14 16:26 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-14 16:26 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-14 16:26 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-14 16:26 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-14 16:26 - 2015-02-03 
05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-14 16:26 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-14 16:26 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-14 16:26 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-14 16:26 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-14 16:26 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-14 16:26 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-14 16:26 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-14 16:26 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-14 16:26 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-14 16:26 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-14 16:26 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-14 16:26 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-14 16:26 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-14 16:26 - 2015-02-03 05:12 - 
11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\cryptsvc.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-14 16:26 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-14 16:26 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-14 16:26 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-14 16:26 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-14 16:26 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-14 16:26 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-14 16:26 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-14 16:26 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-14 16:26 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-14 16:25 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-14 16:25 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-14 16:25 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-14 16:25 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-14 16:25 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-14 16:25 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-14 16:25 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-14 16:25 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-14 16:25 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-14 16:25 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-14 16:25 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-14 16:25 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 
2015-03-14 16:25 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-14 16:25 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-14 16:25 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-14 16:25 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-14 16:25 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-14 16:25 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-14 16:25 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-14 16:25 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-14 16:25 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-14 16:25 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-14 16:25 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-14 16:25 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-14 16:25 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-14 16:25 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-14 16:25 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-14 16:25 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-14 16:25 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-14 16:25 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-14 16:25 - 2015-02-21 01:58 - 
00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-14 16:25 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-14 16:25 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-14 16:25 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-14 16:25 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-14 16:25 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-14 16:25 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-14 16:25 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-14 16:25 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-14 16:25 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-14 16:25 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-14 16:25 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-14 16:25 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-14 16:25 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-14 16:25 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-14 16:25 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-14 16:25 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-14 16:25 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-14 16:25 - 2015-02-20 04:47 - 00088064 _____ (Microsoft 
Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-14 16:25 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-14 16:25 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-14 16:25 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-14 16:25 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-14 16:25 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-14 16:25 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-14 16:25 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-14 16:25 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-14 16:25 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-14 16:25 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-14 16:25 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-14 16:25 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-14 16:25 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-14 16:25 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-14 16:25 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-14 16:25 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-14 16:25 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-14 16:25 - 2015-02-20 04:03 - 
02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-14 16:25 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-14 16:25 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-14 16:25 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-14 16:25 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-14 16:25 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-14 16:25 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-14 16:25 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-14 16:25 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-14 16:25 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-14 16:25 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-14 16:25 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-14 16:25 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-14 16:25 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-14 16:25 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-14 16:25 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-14 16:25 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-14 16:25 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-14 16:25 - 2015-02-20 03:16 - 
01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-14 16:25 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-14 16:25 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-14 16:25 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-14 16:25 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-14 16:25 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-14 16:25 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-14 16:25 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-14 16:25 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-14 16:25 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-14 16:25 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-14 16:25 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-14 16:25 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-14 16:25 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-14 16:25 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-14 16:25 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-14 16:25 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-14 16:20 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-14 16:20 - 2015-02-04 04:54 - 00417792 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-09 14:03 - 2012-04-27 10:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-09 14:00 - 2015-01-10 18:50 - 00000096 _____ () C:\Users\xxx\AppData\Roaming\msregsvv.dll 2015-04-09 14:00 - 2011-05-28 13:11 - 00000000 ____D () C:\Users\xxx\Documents\IK Multimedia 2015-04-09 13:59 - 2013-01-06 15:02 - 00001220 _____ () C:\Users\xxx\Desktop\Custom Shop.lnk 2015-04-09 13:59 - 2011-10-04 15:58 - 00000000 ____D () C:\Program Files\Common Files\VST3 2015-04-09 13:59 - 2010-02-15 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia 2015-04-09 13:55 - 2014-01-23 18:03 - 00000000 ____D () C:\ProgramData\Slate Digital 2015-04-09 13:29 - 2009-07-14 06:45 - 00025808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-09 13:29 - 2009-07-14 06:45 - 00025808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-09 13:27 - 2015-01-11 01:02 - 00000000 ____D () C:\AdwCleaner 2015-04-09 13:27 - 2009-07-14 19:58 - 11912340 _____ () C:\Windows\system32\perfh007.dat 2015-04-09 13:27 - 2009-07-14 19:58 - 03660752 _____ () C:\Windows\system32\perfc007.dat 2015-04-09 13:27 - 2009-07-14 07:13 - 00006340 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-09 13:25 - 2015-01-04 16:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-09 13:24 - 2015-01-10 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-09 13:22 - 2015-01-24 14:02 - 00010078 _____ () C:\Windows\setupact.log 2015-04-09 13:22 - 2012-02-12 15:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-04-09 13:20 - 2013-08-11 14:12 - 00000000 ____D () 
C:\ProgramData\NVIDIA 2015-04-09 13:20 - 2012-09-17 14:14 - 00083800 _____ () C:\Windows\mlkumidi.log 2015-04-09 13:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-09 13:19 - 2013-07-12 13:41 - 01191571 _____ () C:\Windows\WindowsUpdate.log 2015-04-09 13:08 - 2014-01-18 13:36 - 00000000 ____D () C:\Users\xxx\AppData\Local\NVIDIA Corporation 2015-04-09 13:07 - 2010-02-06 20:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-28 05:44 - 2014-06-04 13:02 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-03-28 05:44 - 2013-11-23 13:53 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-03-28 05:43 - 2014-06-04 13:02 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-03-28 05:43 - 2013-11-23 13:53 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-03-21 14:39 - 2014-05-07 16:13 - 00002016 _____ () C:\Users\Public\Desktop\EZdrummer.lnk 2015-03-21 14:39 - 2010-02-14 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack 2015-03-21 14:38 - 2014-05-07 14:47 - 00001996 _____ () C:\Users\Public\Desktop\EZdrummer-64.lnk 2015-03-21 14:38 - 2012-12-08 19:07 - 00000000 ____D () C:\Program Files\Steinberg 2015-03-21 14:09 - 2015-02-28 13:23 - 00033554 _____ () C:\Windows\DPINST.LOG 2015-03-21 14:09 - 2010-01-30 19:34 - 00000049 _____ () C:\Windows\SysWOW64\SYNSOPOS.exe.cfg 2015-03-21 14:09 - 2010-01-30 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser 2015-03-21 13:49 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-21 13:46 - 2009-07-14 06:45 - 04927024 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-14 16:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-14 16:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-14 16:43 - 2010-02-05 20:59 - 00000000 ____D () C:\ProgramData\Microsoft 
Help 2015-03-14 16:39 - 2013-07-14 16:54 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-14 16:33 - 2010-01-31 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2015-03-14 16:32 - 2010-01-25 19:22 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-14 16:31 - 2013-08-03 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLN Audio 2015-03-14 16:31 - 2011-08-05 16:00 - 00000000 ____D () C:\Program Files (x86)\VstPlugIns 2015-03-14 16:06 - 2014-08-20 19:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys ==================== Files in the root of some directories ======= 2010-02-26 23:57 - 2010-02-27 00:28 - 0054976 _____ () C:\Program Files\uninstal.log 2011-08-05 15:12 - 2011-08-05 15:12 - 0054976 _____ () C:\Program Files\uninstal.log~O80NQEMQ 2010-02-27 00:16 - 2010-02-27 00:16 - 0032725 _____ () C:\Program Files (x86)\uninstal.log 2011-09-23 01:29 - 2013-03-29 15:27 - 0000132 _____ () C:\Users\xxx\AppData\Roaming\Adobe BMP Format CS5 Prefs 2013-05-30 18:16 - 2013-05-30 18:16 - 0000132 _____ () C:\Users\xxx\AppData\Roaming\Adobe PNG Format CS5 Prefs 2010-03-06 10:44 - 2010-03-06 10:44 - 0143124 _____ () C:\Users\xxx\AppData\Roaming\AvidAAEMP_Install.log 2010-03-06 10:46 - 2010-03-06 10:47 - 1005720 _____ () C:\Users\xxx\AppData\Roaming\AvidLogExchange_Install.log 2013-07-01 15:30 - 2013-07-04 16:50 - 0000124 _____ () C:\Users\xxx\AppData\Roaming\Camdata.ini 2013-07-01 15:30 - 2013-07-04 16:50 - 0000408 _____ () C:\Users\xxx\AppData\Roaming\CamLayout.ini 2013-07-01 15:30 - 2013-07-04 16:50 - 0000408 _____ () C:\Users\xxx\AppData\Roaming\CamShapes.ini 2013-07-01 15:30 - 2013-07-04 16:50 - 0004521 _____ () C:\Users\xxx\AppData\Roaming\CamStudio.cfg 2013-07-04 13:02 - 2013-07-04 13:02 - 0000000 _____ () C:\Users\xxx\AppData\Roaming\CamStudio.Producer.Data.ini 2013-07-04 13:02 - 2013-07-04 13:02 - 0001206 _____ () 
C:\Users\xxx\AppData\Roaming\CamStudio.Producer.ini 2010-03-06 10:57 - 2010-03-06 10:57 - 1352970 _____ () C:\Users\xxx\AppData\Roaming\EDLManager_Install.log 2010-03-06 10:58 - 2010-03-06 10:59 - 1815324 _____ () C:\Users\xxx\AppData\Roaming\FilmScribe_Install.log 2013-07-04 11:19 - 2015-02-15 14:07 - 0000268 ___RH () C:\Users\xxx\AppData\Roaming\Hybrid Basic 2013-07-04 11:20 - 2015-02-15 14:08 - 0000268 ___RH () C:\Users\xxx\AppData\Roaming\Hybrid Chords 2013-07-04 11:19 - 2015-02-15 14:07 - 0000268 ___RH () C:\Users\xxx\AppData\Roaming\Hybrid Morph 2013-07-04 11:18 - 2015-02-15 14:04 - 0000000 _____ () C:\Users\xxx\AppData\Roaming\Internet Plug-Ins 2010-03-06 11:00 - 2010-03-06 11:00 - 2829656 _____ () C:\Users\xxx\AppData\Roaming\MediaLog_Install.log 2010-03-06 11:02 - 2010-03-06 11:02 - 2537772 _____ () C:\Users\xxx\AppData\Roaming\MetaSync_Install.log 2015-01-10 18:50 - 2015-04-09 14:00 - 0000096 _____ () C:\Users\xxx\AppData\Roaming\msregsvv.dll 2010-03-06 11:40 - 2010-03-06 11:40 - 0323424 _____ () C:\Users\xxx\AppData\Roaming\PACEDrivers_Install.log 2010-09-10 15:02 - 2010-09-10 15:02 - 0019676 _____ () C:\Users\xxx\AppData\Local\internal.grp 2010-02-06 21:48 - 2014-10-28 11:23 - 0007614 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg 2012-02-04 15:16 - 2012-02-04 15:16 - 0017408 _____ () C:\Users\xxx\AppData\Local\WebpageIcons.db 2010-02-21 15:47 - 2014-11-23 21:13 - 0000098 _____ () C:\ProgramData\.vsldaemon_path 2010-02-21 15:47 - 2015-02-28 18:20 - 0000114 _____ () C:\ProgramData\.vslscantool_path 2011-05-28 13:21 - 2015-02-28 15:04 - 0000096 _____ () C:\ProgramData\autobk.inc 2015-02-15 14:04 - 2015-02-15 14:04 - 0000000 _____ () C:\ProgramData\Hybrid Basic 2015-02-15 14:07 - 2015-02-15 14:07 - 0000268 ___RH () C:\ProgramData\Icons 2015-02-15 14:08 - 2015-02-15 14:08 - 0000268 ___RH () C:\ProgramData\Image Capture 2015-02-15 14:07 - 2015-02-15 14:07 - 0000268 ___RH () C:\ProgramData\Image Manipulation 2015-02-15 14:04 - 2015-02-15 14:04 - 0000000 
_____ () C:\ProgramData\Instrument Library 2013-07-04 13:26 - 2013-07-04 13:26 - 0004917 _____ () C:\ProgramData\nolecicr.ofg 2013-07-04 11:18 - 2015-02-15 14:04 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-07-04 11:20 - 2015-02-15 14:08 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2013-07-04 11:19 - 2015-02-15 15:03 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2013-07-04 11:19 - 2015-02-15 15:02 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2013-07-04 16:37 - 2013-07-04 16:37 - 0004970 _____ () C:\ProgramData\xgneqrwu.hrx Files to move or delete: ==================== C:\Users\xxx\SOFTUBE PLUG-INS CONTROL.EXE Some content of TEMP: ==================== C:\Users\xxx\AppData\Local\Temp\Nv3DVisionIePlugin.dll C:\Users\xxx\AppData\Local\Temp\Nv3DVisionIePlugin64.dll C:\Users\xxx\AppData\Local\Temp\Nv3DVStreaming.dll C:\Users\xxx\AppData\Local\Temp\Nv3DVStreaming64.dll C:\Users\xxx\AppData\Local\Temp\Nv3DVStreamingIePlugin.dll C:\Users\xxx\AppData\Local\Temp\Nv3DVStreamingIePlugin64.dll C:\Users\xxx\AppData\Local\Temp\nvSCPAPI.dll C:\Users\xxx\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-26 16:41

==================== End Of Log ============================ |
09.04.2015, 13:35 | #4 |
| AdwCleaner cannot delete found data - Trojan? Now the Addition log as well: Code:
xxxAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by xxx at 2015-04-09 14:09:36
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible) (Version: 15.0.7119 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7119 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Creative Suite 5 Production Premium (HKLM-x32\...\{626B3D60-A661-4444-AAF5-6C75E55936E8}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AmpegSVX (HKLM-x32\...\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}) (Version: 1.1.3 - IK Multimedia) AmpliTube 3 (HKLM-x32\...\{5DD152A8-BFB3-439E-90CD-5C00C2116E23}) (Version: 3.0.0 - IK Multimedia) AmpliTube 3 version 3.14.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.14.0 - IK Multimedia) AmpliTube Fender (HKLM-x32\...\{B178BACA-880B-4D20-85F9-522F7F2DECBE}) (Version: 1.1.0 - IK Multimedia) AmpliTube Jimi Hendrix (HKLM-x32\...\{66BA35B0-1911-47EF-B170-1DCFFDA362F1}) (Version: 1.0.3 - IK Multimedia) AmpliTube2 (HKLM-x32\...\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}) (Version: 2.1.4 - IK Multimedia) Antares Autotune VST RTAS TDM v5.08 (HKLM-x32\...\Antares Autotune VST RTAS TDM_is1) (Version: - Team AiR 2007) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ARC System 2 version 2.2.1 (HKLM\...\{4952A610-D484-4F6A-B1B4-33797CFDB821}_is1) (Version: 2.2.1 - IK Multimedia) ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) 
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Basic FX Suite (HKLM-x32\...\InstallShield_{45BBAD53-80DB-4DD2-9C50-B5E09EFFAEA7}) (Version: 1.0.0 - Yamaha Corporation)
Basic FX Suite (Version: 1.0.0 - Yamaha Corporation) Hidden
Best Service Engine 1.0.4 64bit (HKLM-x32\...\Best Service Engine 1.0.4 64bit) (Version: - )
Best Service Galaxy II (HKLM-x32\...\Best Service Galaxy II) (Version: - )
Best Service Galaxy Vintage D (HKLM-x32\...\Best Service Galaxy Vintage D) (Version: - Best Service)
Best Service Galaxy Vintage D (Version: 1.0.0.001 - Best Service) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boris Continuum Complete 7 Adobe CS5 (HKLM\...\{A31D5812-F0AA-4AFA-B584-C2C4AC141518}) (Version: 7.00.0000 - Boris FX, Inc.)
Canon MP110 (HKLM\...\{B3467C74-0678-459a-9180-722763E0AFDE}) (Version: - )
Canon ScanGear Starter (HKLM-x32\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version: - )
CS-80V2 2.5.4 (HKLM-x32\...\CS-80V2_is1) (Version: 2.5.4 - Arturia)
CSR (HKLM-x32\...\{648C1BFD-6A70-46D8-B855-F84D95C2DC34}) (Version: 1.1.1 - IK Multimedia)
Custom Shop version 1.6.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.6.0 - IK Multimedia)
DVD-lab PRO 2.3 (HKLM-x32\...\DVD-lab PRO 2.3_is1) (Version: - Mediachance)
East West Boesendorfer 290 (HKLM-x32\...\East West Boesendorfer 290) (Version: - )
East West EWQLSO Silver Edition (HKLM-x32\...\East West EWQLSO Silver Edition) (Version: - )
East West Hardcore Bass (HKLM-x32\...\East West Hardcore Bass) (Version: - )
East West Hardcore Bass XP (HKLM-x32\...\East West Hardcore Bass XP) (Version: - )
Easy Tune 6 B12.0402.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Electronic EZmix pack (HKLM-x32\...\{6450F55E-EE0F-4203-A90D-D533EE3F88E4}) (Version: 1.0.0 - Toontrack)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.8.5.1163 - Steinberg Media Technologies GmbH)
ELS Vocoder (HKLM-x32\...\ELS Vocoder_is1) (Version: 1.6.0 - Eiosis, Inc.)
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.2 - Toontrack)
EZdrummer 2 32-bit (HKLM-x32\...\{7E36EB5B-0739-4DA7-BF26-E63DD2BECA76}) (Version: 2.0.0 - Toontrack)
EZdrummer 2 32-bit Update (HKLM-x32\...\{CDE1FC7E-3E9A-48BA-BBB9-65C2026CA0A2}) (Version: 2.1.0 - Toontrack)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.1.0 - Toontrack)
EZDrummer 64 bit (HKLM\...\{6CEFB8E2-2B47-49AB-B97E-AA1ACF6595E5}) (Version: 1.3.0 - Toontrack)
EZDrummer 64-bit (HKLM\...\{80E801DB-5288-4447-AAC2-27F329B61C6E}) (Version: 1.3.2 - Toontrack)
EZkeys Classic Electrics 64 (HKLM\...\{2F547D3F-AB60-4319-8513-80DBD3896BA8}) (Version: 1.0.1 - Toontrack)
EZkeys Player 64-bit (HKLM\...\{35E5BAC5-47A5-449C-9244-C40659362DCF}) (Version: 1.2.0 - Toontrack)
EZmix 32-bit (HKLM-x32\...\{B5AB1F3A-136C-4C87-BB49-0E3ACD5B9F7C}) (Version: 2.0.9 - Toontrack)
EZmix 64-bit (HKLM\...\{3D83CC9F-E2E1-47AE-B1AF-F6D3A8825196}) (Version: 2.0.9 - Toontrack)
EZXAmericana (HKLM-x32\...\{7DB4839F-DFA6-49D2-907F-740CE65B2D10}) (Version: 1.0.0 - Toontrack)
EZXClaustrophobic (HKLM-x32\...\{8094F7AE-CA21-4AF2-A256-BC918CE0E796}) (Version: 1.1.3 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.3.0 - Toontrack)
EZXFunkmasters (HKLM-x32\...\{BB5A44CB-3045-43E2-BEB0-B64E477D4633}) (Version: 1.0.0 - Toontrack)
EZXJazz (HKLM-x32\...\{EED8D44F-CEBB-4298-8D0E-E01AF6AC0663}) (Version: 1.0.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.2.0 - Toontrack)
FG-X (HKLM\...\Slate Digital FG-X_is1) (Version: - Slate Digital)
FG-X Virtual Mastering Console (HKLM\...\FG-X Virtual Mastering Console_is1) (Version: - Slate Digital)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{19666E73-D9E5-44D4-8F33-037ED151ECBC}) (Version: 2.1.22.0 - MAGIX AG)
FXpansion BFD3 (HKLM-x32\...\FXpansion BFD3) (Version: 3.0.3 - FXpansion Audio UK Ltd)
Garritan Jazz Big Band (HKLM-x32\...\Garritan Jazz Big Band) (Version: - )
Garritan Personal Orchestra (HKLM-x32\...\Garritan Personal Orchestra) (Version: - )
Garritan Personal Orchestra KP2 (HKLM-x32\...\Garritan Personal Orchestra KP2) (Version: - )
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Halls Of Fame Free - Origami Edition 2.5.2 (HKLM-x32\...\Halls Of Fame Free - Origami Edition 2.5.2) (Version: - )
High-Definition Video Playback (x32 Version: 11.1.11500.4.273 - Nero AG) Hidden
IK Multimedia Authorization Manager version 1.0.12 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.12 - IK Multimedia)
iLok Client Helper (HKLM-x32\...\InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}) (Version: 5.9.1 - PACE Anti-Piracy, Inc.)
iLok Client Helper (x32 Version: 5.9.1 - PACE Anti-Piracy, Inc.) Hidden
iLok Client Helper x32x64 (HKLM-x32\...\InstallShield_{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}) (Version: 5.8.12 - PACE Anti-Piracy)
iLok Client Helper x32x64 (x32 Version: 5.8.12 - PACE Anti-Piracy) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Incomedia WebSite X5 v9 - Evolution (HKLM-x32\...\{64392EEB-38EF-45FD-822D-5C75CA136860}_is1) (Version: 9.0.0.1597 - Incomedia s.r.l.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.1 - PACE Anti-Piracy, Inc.)
iZotope Nectar Elements (HKLM-x32\...\iZotope Nectar Elements_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar Mirrorball Style Pack (HKLM-x32\...\iZotope Nectar Mirrorball Style Pack_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar Style Pack 1 (HKLM-x32\...\iZotope Nectar Style Pack 1_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar Utility Pack 1 (HKLM-x32\...\iZotope Nectar Utility Pack 1_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Ozone 3 (HKLM-x32\...\iZotope Ozone 3_is1) (Version: 3.05 - iZotope, Inc.)
iZotope Ozone 4 (HKLM-x32\...\iZotope Ozone 4_is1) (Version: 4.03 - iZotope, Inc.)
iZotope Spectron (HKLM-x32\...\iZotope Spectron_is1) (Version: 1.05 - iZotope, Inc.)
iZotope Stutter Edit (HKLM-x32\...\iZotope Stutter Edit_is1) (Version: 1.04 - iZotope, Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jazz and Big Band KP2 (HKLM-x32\...\Jazz and Big Band KP2) (Version: - )
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
Jupiter-8V2 2.5.5 (HKLM-x32\...\jupiter8v25_is1) (Version: 2.5.5 - Arturia)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 6.4.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 6.4.5 - )
K-Lite Mega Codec Pack 8.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.9.5 - )
KORG padKONTROL Editor Librarian (HKLM-x32\...\{D77332DD-FA53-4E49-9F4B-3863B8D56196}) (Version: 1.01.0010 - KORG Inc.)
KORG USB-MIDI Driver Tools for Windows (HKLM-x32\...\{B3CB5BA3-3E98-4E85-944E-B03D055F8450}) (Version: 1.13.0601 - Korg Inc.)
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Magic Bullet Looks (HKLM-x32\...\InstallShield_{595AC242-897D-494C-A278-2A2781403824}) (Version: 1.4.1 - Red Giant Software)
Magic Bullet Looks (Version: 1.4.1 - Red Giant Software) Hidden
Magic Bullet Mojo (HKLM-x32\...\InstallShield_{40E89076-E040-421E-AEB7-D931F8B07401}) (Version: 1.2.0 - Red Giant Software)
Magic Bullet Mojo (Version: 1.2.0 - Red Giant Software) Hidden
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.3 - MAGIX AG)
MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG)
MAGIX Foto Premium 3.1.0.11 (D) (HKLM-x32\...\MAGIX Foto Premium D) (Version: 3.1.0.11 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX MP3 Maker 15 10.0.0.257 (D) (HKLM-x32\...\MAGIX MP3 Maker 15 D) (Version: 10.0.0.257 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Website Maker 4 1.13.0.112 (D) (HKLM-x32\...\MAGIX Website Maker 4 D) (Version: 1.13.0.112 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Melodyne 3.2 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.2.0202 - Celemony Software GmbH)
Melodyne 3.2 (x32 Version: 3.2.0202 - Celemony Software GmbH) Hidden
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Melodyne singletrack (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 2.01.0045 - Celemony Software GmbH)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - )
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mini V 2.5.5 (HKLM-x32\...\miniv2_5_is1) (Version: 2.5.5 - Arturia)
minimoog V 1.6 (HKLM-x32\...\minimoog V_is1) (Version: - Arturia)
minimoog V2 2.0 (HKLM-x32\...\minimoog V2_is1) (Version: - Arturia)
Miroslav Philharmonik (HKLM-x32\...\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}) (Version: 1.1.2 - IK Multimedia)
Modular V 2.6.3 (HKLM-x32\...\MMV_2.6.0_is1) (Version: 2.6.3 - Arturia)
Moog Modular V 2.5 (HKLM-x32\...\Moog Modular V 2_is1) (Version: - Arturia)
Movavi Screen Capture Studio 4 (HKLM-x32\...\Movavi Screen Capture Studio 4) (Version: 4.3.3 - MOVAVI)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mp3-2-wav converter 1.14 (HKLM-x32\...\mp3-2-wav) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicLab RealGuitar (32-bit) (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealGuitar (64-bit) (Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealGuitar (HKLM-x32\...\{4c7ab715-e30c-4db5-ae25-da050dd80533}) (Version: 3.1.0.7127 - MusicLab, Inc.)
MusicLab RealGuitar Sound Bank (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealLPC (32-bit) (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealLPC (64-bit) (Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealLPC (HKLM-x32\...\{a55070fb-e9c5-4a41-b693-7f439a4d02cc}) (Version: 3.1.0.7127 - MusicLab, Inc.)
MusicLab RealLPC Sound Bank (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealStrat (32-bit) (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealStrat (64-bit) (Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealStrat (HKLM-x32\...\{85520ea4-3eee-4096-89b7-6df88a92032e}) (Version: 3.1.0.7127 - MusicLab, Inc.)
MusicLab RealStrat Sound Bank (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab Virtual Midi Driver (64-bit) (HKLM\...\{2B019162-86C7-4D14-AED0-2CB5110BA4FF}) (Version: 2.0.2.0 - MusicLab, Inc.)
Native Instruments Abbey Road 60s Drummer (HKLM-x32\...\Native Instruments Abbey Road 60s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version: - Native Instruments)
Native Instruments Abbey Road 60s Drums 1.1 (HKLM-x32\...\Native Instruments Abbey Road 60s Drums 1.1) (Version: - Native Instruments)
Native Instruments Abbey Road 70s Drummer (HKLM-x32\...\Native Instruments Abbey Road 70s Drummer) (Version: - Native Instruments)
Native Instruments Abbey Road 70s Drums (HKLM-x32\...\Native Instruments Abbey Road 70s Drums) (Version: - Native Instruments)
Native Instruments Abbey Road 70s Drums 1.1 (HKLM-x32\...\Native Instruments Abbey Road 70s Drums 1.1) (Version: - Native Instruments)
Native Instruments Abbey Road Modern Drums (HKLM-x32\...\Native Instruments Abbey Road Modern Drums) (Version: - Native Instruments)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version: 1.5.0.1 - Native Instruments)
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version: - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Driver (HKLM-x32\...\Native Instruments Driver) (Version: 1.0.1.288 - Native Instruments)
Native Instruments DrumMicA (HKLM-x32\...\Native Instruments DrumMicA) (Version: - Native Instruments)
Native Instruments Elektrik Piano (HKLM-x32\...\Native Instruments Elektrik Piano) (Version: - )
Native Instruments Elektrik Piano 1.5 (HKLM-x32\...\Native Instruments Elektrik Piano 1.5) (Version: - )
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version: - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.2.245 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.1.0.6 - Native Instruments)
Native Instruments Replika (HKLM-x32\...\Native Instruments Replika) (Version: 1.2.1.713 - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: 1.3.0.3 - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version: - Native Instruments)
Native Instruments Scarbee Pre-Bass Amped (HKLM-x32\...\Native Instruments Scarbee Pre-Bass Amped) (Version: - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Session Horns (HKLM-x32\...\Native Instruments Session Horns) (Version: - Native Instruments)
Native Instruments Session Strings (HKLM-x32\...\Native Instruments Session Strings) (Version: - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version: - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: 1.4.0.5 - Native Instruments)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Kwik Themes 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.6.10000.2.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.6.10000.11.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10600.6.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10700.5.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10600.4.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.16600.75.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10700.5.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10500.4.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.11000.9.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10700.6.100 - Nero AG)
NF VST 64-bit Installer (HKLM-x32\...\NF VST 64-bit Installer3.0) (Version: 3.0 - Nomad Factory)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.2 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon)
Plus Pack für Acronis True Image Home 2012 (HKLM-x32\...\{A8EFC6C1-DF0C-4F51-8779-EAC4CDB440A4}) (Version: 15.0.6131 - Acronis)
Prophet-V2 2.5.3 (HKLM-x32\...\prophetv2_5_is1) (Version: 2.5.3 - Arturia)
PSP VintageMeter 32bit (HKLM-x32\...\PSP VintageMeter 32bit) (Version: 1.0.0 32bit - PSPaudioware.com)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
ReValver HPSE x64 (HKLM\...\ReValver HPSE x64_is1) (Version: - )
Roots Sticks MIDI (HKLM-x32\...\{0EEAD139-1ABB-43B9-BBA1-5ECF9C6CCF8B}) (Version: 1.0.0 - Toontrack)
SampleMoog (HKLM-x32\...\{218AA20E-F016-4385-9F74-04FF8E596FB2}) (Version: 1.0.2 - IK Multimedia)
SampleTank 2 (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.4 - IK Multimedia)
SampleTank 3 version 3.5.0 (HKLM\...\{4A5CE684-33A5-4EE6-AB22-4B92D92D37D8}_is1) (Version: 3.5.0 - IK Multimedia)
Sentinel Protection Installer 7.4.0 (HKLM-x32\...\{5A180ED5-0AC1-410A-B790-5E0319CD0A93}) (Version: 7.4.0 - SafeNet, Inc.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Softube Plug-Ins (VST 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST 32-bit)) (Version: - )
Softube Plug-Ins (VST 64-bit) (HKLM\...\Softube Plug-Ins (VST 64-bit)) (Version: - )
Softube Plug-Ins (VST AAX 64-bit) (HKLM\...\Softube Plug-Ins (VST AAX 64-bit)) (Version: - )
SONiVOX Vocalizer (HKLM-x32\...\SONiVOX Vocalizer_is1) (Version: - )
Sonnox Restoration Tools for Wavelab VST v1.0.0 (32-bit) (HKLM-x32\...\Sonnox Restoration Tools for Wavelab VST v1.0.0 (32-bit)_is1) (Version: 1.0.0 - Sonnox Ltd, Oxford, UK)
Sonnox Restoration Tools for Wavelab VST v1.0.2 (32-bit) (HKLM-x32\...\Sonnox Restoration Tools for Wavelab VST v1.0.2 (32-bit)_is1) (Version: 1.0.2 - Sonnox Ltd, Oxford, UK)
Spark Vintage Drum Machines 1.7.2 (HKLM-x32\...\Spark Vintage Drum Machines_is1) (Version: - Arturia)
SPL TwinTube 1.3.1 (HKLM-x32\...\SPL TwinTube_is1) (Version: - SPL)
SPL Vitalizer MK2-T 1.3 (HKLM-x32\...\SPL Vitalizer MK2-T_is1) (Version: - SPL)
Splashtop Connect for Firefox (HKLM-x32\...\{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}) (Version: 2.0.5.2 - Splashtop Inc.)
Splashtop Connect for IE (HKLM-x32\...\{E2B086BD-75A9-45D1-A675-151624B259A1}) (Version: 2.0.5.1 - Splashtop Inc.)
SSD Sampler (HKLM-x32\...\SSD4) (Version: 1.1 - Yellow Matter Entertainment)
StartUpProject (HKLM-x32\...\{4ABFED1A-0DE9-4864-A89F-1117DECFF672}) (Version: 3.5.0 - Avid Technology, Inc.)
Steinberg CC121 Extension 64bit (HKLM-x32\...\{1D111953-3C70-48E3-BB62-B669C724585C}) (Version: 1.7.6 - Yamaha Corporation)
Steinberg Cubase 7.5 64bit (HKLM\...\{C75E8AD9-C89F-4505-5E87-CFCCEBE284FA}) (Version: 7.5.40 - Steinberg Media Technologies GmbH)
Steinberg Cubase 8 64bit (HKLM\...\{C806BE81-01DE-4EFA-33AC-34635B3EAB4A}) (Version: 8.0.10 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg EDM Toolbox MIDI Loops (HKLM-x32\...\{8C9B2EA8-9A30-4347-95E9-10E919C4F32E}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.2 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.1.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Acoustic Agent (HKLM-x32\...\{F34EA13C-F078-4003-AE21-43EAB2680EC5}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.2.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Rock Pop Toolbox Drums (HKLM-x32\...\{E9BFA009-DD72-4F2A-84CB-6DF46472B563}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 2.0.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne 64bit (HKLM\...\{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg UR44 Applications (HKLM-x32\...\InstallShield_{37619421-E7D8-44C2-85A3-486C97E6A0D4}) (Version: 2.1.0 - Yamaha Corporation)
Steinberg UR44 Applications (Version: 2.1.0 - Yamaha Corporation) Hidden
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Bass Amp Content (HKLM-x32\...\{A2FC1750-B90F-4948-9D6E-DDDA155C6EC8}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg VST Classics 1 64bit (HKLM\...\{AA322103-FC2B-4D86-BA6C-67D4DDB4209C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg VST Classics 2 64bit (HKLM\...\{AC07B5F9-BF11-4221-9E85-87A6F33BCBB3}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Stutter Edit Expansion 1 (HKLM-x32\...\Stutter Edit Expansion 1_is1) (Version: 1.00 - iZotope, Inc.)
Stutter Edit Expansion 2 (HKLM-x32\...\Stutter Edit Expansion 2_is1) (Version: 1.00 - iZotope, Inc.)
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
Superior Drummer 32-bit (HKLM-x32\...\{8752CE2D-F312-499D-AE46-4AD80506A890}) (Version: 2.4.2 - Toontrack)
Superior Drummer 64-bit (HKLM\...\{0E54CF79-AE40-409E-9253-9563418C730C}) (Version: 2.4.2 - Toontrack)
Toontrack solo (HKLM-x32\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.2 - Toontrack)
Toontrack solo 64 bit (HKLM\...\{FA9D0D8C-FDD1-45C2-8291-079FBA72D2CB}) (Version: 1.3.2 - Toontrack)
T-RackS 1.x (HKLM-x32\...\{37BCCAE2-A3AD-4E03-B4FD-A1BE1FE6365A}) (Version: 1.3.0 - IK Multimedia)
T-RackS 3 Standard (HKLM-x32\...\{A78D0A87-8C6E-4726-84D7-C4CAC122617D}) (Version: 3.1.1 - IK Multimedia)
T-RackS CS version 4.7.1 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.7.1 - IK Multimedia)
UAD Powered Plug-Ins (HKLM-x32\...\UAD Powered Plug-Ins) (Version: - )
Ulead COOL 360 1.0 (HKLM-x32\...\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}) (Version: - )
Ulead Photo Explorer 8.6 (HKLM-x32\...\{025C3792-E9C6-432A-92C1-661F99D021CA}) (Version: 8.6 - Ulead Systems, Inc.)
Ulead PhotoImpact 11 (HKLM-x32\...\{C8550C86-A712-4219-AD4C-038C9FD1D149}) (Version: 11.0 - Ulead System)
UninstallTpkdx64 (HKLM\...\Tpkdx64_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Vienna Instruments 2.0 (HKLM\...\Vienna Instruments_is1) (Version: - Vienna Symphonic Library)
Vienna Instruments Software 1.11 (HKLM-x32\...\Vienna Instruments Software_is1) (Version: - Vienna Symphonic Library)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.3 - Nikon)
Vir2 Instruments Acoustic Legends HD (HKLM-x32\...\Vir2 Instruments Acoustic Legends HD) (Version: - )
Vir2 Instruments BASiS (HKLM-x32\...\Vir2 Instruments BASiS) (Version: - )
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}) (Version: 1.00.0000 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VKFX 2.2.5 (HKLM\...\{C270463E-8DF0-45c7-AB1F-2695E822E344}_is1) (Version: 2.2.5 - Overloud)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMR Complete Bundle (HKLM\...\Slate Digital VMR Complete Bundle_is1) (Version: - Slate Digital)
WAV to AC3 Encoder 5.0 (HKLM-x32\...\WAV to AC3 Encoder_is1) (Version: - Wieslaw Soltes)
WaveLab 8.5 (64 bit) (HKLM\...\WaveLabPro8_5_64) (Version: 8.5.0.849 - Steinberg)
Waves Complete V9r21 (HKLM-x32\...\{93000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.3.21 - Waves)
Wavpack4Wavelab6 (HKLM-x32\...\{D2CB5A07-DF85-4CFD-8E76-EB23B77730F3}) (Version: 1.0.0 - RIL)
Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP (11/30/2010 ) (HKLM\...\D6464B370822574865708071F3E87D186FAC7BA4) (Version: 11/30/2010 - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP (11/30/2010 ) (HKLM\...\072DA3D1AC97714EA927A1A5770099D1AB131FD5) (Version: 11/30/2010 - Universal Audio Inc.)
WinRAR 4.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wurlitzer V 1.0.6 (HKLM-x32\...\Wurlitzer V_is1) (Version: - Arturia)
XLN Online Installer (HKLM\...\XLN Online Installer Inno Setup ID_is1) (Version: - )
XLN Online Installer (HKLM\...\XLN Online Installer) (Version: - XLN Audio AB)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{89A4C956-539C-438D-8D3B-B9C054FD0DDE}) (Version: 1.8.5 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.8.5 - Yamaha Corporation) Hidden
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.3 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.3.3 - Yamaha Corporation) Hidden
yellow tools Independence Pro 2.5.4 Software Suite 64bit (HKLM-x32\...\yellow tools Independence Pro 2.5.4 Software Suite 64bit) (Version: - )
Zero-G Vocal Forge (HKLM-x32\...\Zero-G Vocal Forge) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-25170337-1842596019-2157349911-1000_Classes\CLSID\{CE4DC330-BD45-4D58-89D8-213C0487778D}\InprocServer32 -> C:\Program Files\MusicLab\RealStrat 3\RealStratView.dll ()
CustomCLSID: HKU\S-1-5-21-25170337-1842596019-2157349911-1000_Classes\CLSID\{FEEC32C4-894D-4B59-B6ED-8AC7B1C84295}\InprocServer32 -> C:\Program Files\MusicLab\RealGuitar 3\RealGuitarView.dll ()

==================== Restore Points =========================

11-01-2015 00:25:47 Ende der Bereinigung
17-01-2015 12:47:09 Windows Update
17-01-2015 13:40:35 Windows Update
17-01-2015 14:16:30 Installed EZkeys Player 64-bit.
17-01-2015 14:31:27 Installed Superior Drummer 64-bit.
17-01-2015 14:32:49 Installed Superior Drummer 32-bit.
24-01-2015 13:49:14 Windows Update
24-01-2015 13:54:19 Removed Steinberg Cubase 8 64bit
15-02-2015 13:17:10 Windows Update
15-02-2015 14:03:07 Removed ViewNX 2.
15-02-2015 14:04:27 Removed Nikon Movie Editor.
15-02-2015 14:06:16 Installiert "ViewNX 2"
21-02-2015 11:51:11 Windows Update
21-02-2015 12:35:24 Installiert Yamaha USB-MIDI Driver
21-02-2015 12:36:45 Installiert Steinberg CC121 Extension 64bit
21-02-2015 12:58:59 Configured PACE License Support Win64
25-02-2015 14:32:19 Windows Update
14-03-2015 16:27:27 Windows Update
09-04-2015 13:10:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-01-04 13:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1061FDDF-FD38-4434-923F-B01E4FE9EA0B} - System32\Tasks\{29175965-F787-4528-B3C8-F57146EBD8E8} => C:\Users\xxx\Downloads\DriverSetup.exe
Task: {142BD87F-4E9D-4DD7-BD37-30E762B767FB} - System32\Tasks\{85839F60-C55D-4A03-ADA4-CFBFF70913F4} => pcalua.exe -a "C:\Users\xxx\Downloads\Waves_Complete_V9r18.exe" -d "C:\Users\xxx\Downloads"
Task: {18EB1E95-16A9-4E8D-AEE7-597328A1D8FE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {19ABA4F3-17E6-4F42-AB05-A96F73B41FA8} - System32\Tasks\{BB11460A-50B3-494F-9819-514E591A0F96} => pcalua.exe -a Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe -d Q:\Downloads\Tascam\FW-1082_DR_Win_v170
Task: {19FE1324-E749-4E42-AF49-7C829D936723} - System32\Tasks\{DA2C2281-7022-46CA-9B16-D35E131E183B} => C:\Users\xxxr\Downloads\DriverSetup.exe
Task: {1DD7E5BB-F8FF-4979-AB40-75A0ACE435F4} - System32\Tasks\{29DBEDF4-CF87-46A4-B759-506861DE03D9} => C:\Users\xxx\Downloads\DriverSetup.exe
Task: {1E879F1F-9418-45B8-A47C-1E96C550DA07} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-25170337-1842596019-2157349911-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {23F870EA-19D1-47A4-88EA-D94C1A6C1ECF} - System32\Tasks\{4866F09B-B790-40EA-BF5E-BECC5DA41AE1} => C:\Users\xxx\Downloads\Waves_Complete_V9r18.exe
Task: {24235CED-6D6E-4576-8077-0B7DE26822E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26AEF134-8686-4622-ACE9-13CD77C4229F} - System32\Tasks\{CD71D5AF-98B4-41C1-ABF5-E88C19526654} => pcalua.exe -a Q:\Downloads\Steinberg\WaveLabAspi.exe -d Q:\Downloads\Steinberg
Task: {26B0B279-DF8C-4CFE-9069-73402524C30C} - System32\Tasks\{ADB300C0-352F-4357-89B4-6DD70CC70B1B} => C:\Users\xxx\Downloads\DriverSetup.exe
Task: {298B857C-0B65-4FF1-974A-56F1C6FA985C} - System32\Tasks\{438F3EF0-DDAA-4675-A999-E7A0FD922E27} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {29948ADB-C48B-4D26-928D-AB21C21FAFE0} - System32\Tasks\{40D901C2-504F-4FFA-B15A-16A9F99DEB99} => Q:\Downloads\J-Bridge\jBridgev1.19Setup_xxx\jBridgev1.19Setup_xxx.exe
Task: {29FB761E-3D1C-4660-9107-8982B85C70AE} - System32\Tasks\{412B8675-D7A0-4674-AD88-F0B1B16B8122} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {2DF5DD56-FBEA-49CD-9443-9D46DEEEF944} - System32\Tasks\{D1C71F96-9AAB-4054-87C3-8673B64EA10B} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {322F7B8A-43DE-4669-8405-F9FEE4815575} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3D5576D7-F137-456F-ACF7-4E6951BCAAAE} - System32\Tasks\{5F9DF423-7D3C-427E-81DF-1C0A3089E864} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {41368CA6-1030-4804-9223-B2434974F72B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {45D8E408-144E-40D2-9CC8-945D0CC76826} - System32\Tasks\{B7775B54-F6E5-4832-B4BE-E877DE2F3B45} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {4BAC4AD4-0AFA-4599-BF47-E4110BB1E66E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5B264934-42F3-47ED-9C17-6F2E191D271D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {5D8AAF0F-B35F-44DF-940F-949DD8FB752C} - System32\Tasks\{81C7480D-65DF-4F3C-ADE7-3B3D3A21A13A} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {67A2DD0A-7E44-4505-9669-67B017F40EEE} - System32\Tasks\{626B8230-16CC-48CF-A490-58CEED8E21A8} => pcalua.exe -a "C:\Users\xxx\Desktop\Kontakt 4 Factory Content Setup PC.exe" -d "C:\Users\xxx\Desktop"
Task: {6979BE22-4880-466F-8848-52BABB0D5DE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6B31B445-731D-4169-8747-370AC6CE856E} - System32\Tasks\{2AD3E5CD-846C-454C-8F5E-66F9BD146432} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {78468091-1F8B-4889-88B6-09283C587F7A} - System32\Tasks\{5746D425-FB45-49FB-89AC-6D718D8AAB96} => pcalua.exe -a H:\setup.exe -d H:\
Task: {7ABB794D-4402-4F4B-AAE6-A683947D3A5F} - System32\Tasks\{2CBFBC4B-2D9E-4357-AF11-0F0709DF2A74} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {83BF8E31-F091-46C7-90E7-5ABBACBBFB90} - System32\Tasks\{4898AA0A-DFAB-4D6E-90A0-A8B280D99E75} => C:\Users\xxx\Downloads\DriverSetup.exe
Task: {894932C1-A298-4A4C-BCDD-E4BA7387C27F} - System32\Tasks\AdobeAAMUpdater-1.0-xxx-PC-xxx => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-05-16] (Adobe Systems Incorporated)
Task: {95398875-A3E3-45A8-A3A4-1F8424E8D14C} - System32\Tasks\{BFAD21FD-87DD-4D57-8435-CAF757D6A11F} => pcalua.exe -a H:\windows\german\pm\personal\Setup.exe -d H:\windows\german\pm\personal
Task: {9C84F1F2-3512-4CE1-A371-B703568C1E31} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A3B740FE-B024-42AE-8090-69BF33EA3B3A} - System32\Tasks\{5853299B-4259-442D-85A5-8CC6580067B3} => C:\Users\xxx\Downloads\DriverSetup.exe
Task: {A5428D3A-522E-4698-818D-012D47A16CB5} - System32\Tasks\{07A01D39-F62B-4A0F-A2E0-E53256F212E9} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {ABA56809-A401-4F32-874C-F1A51A3589C4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-25170337-1842596019-2157349911-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {ABE5DB4C-EC69-4E54-A15A-A495205ACB52} - System32\Tasks\{B76EAEE9-550E-4B96-99EA-F859C946EBCA} => Q:\Downloads\J-Bridge\jBridgev1.19Setup_xxx\jBridgev1.19Setup_xxx.exe
Task: {ABECAB4D-8FF9-45AF-A0D9-51D2A67D355F} - System32\Tasks\{C8AE0818-88F1-4A18-A57B-B441BE68ECA4} => pcalua.exe -a "D:\Retro ADpak Installer.exe" -d D:\
Task: {B076D6CE-39BD-4472-985B-7919F96AAB82} - System32\Tasks\{7C16986C-0877-491D-ABB6-88470C77EE5B} => pcalua.exe -a "G:\Downloads\Universal Audio\UAD-Win-v580.exe" -d "G:\Downloads\Universal Audio"
Task: {B4148331-B027-4713-AE36-D5E9929070D7} - System32\Tasks\{51E7D79B-2CAA-4FFC-ABD0-363FA9548361} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {BA31E6FA-43E9-4DD4-9608-A8C89C69160B} - System32\Tasks\{D1FC40E7-6029-4CC3-A406-CD8EBE42631A} => Q:\Downloads\J-Bridge\jBridgev1.19Setup_xxx\jBridgev1.19Setup_xxx.exe
Task: {BA347F6F-00F2-472A-AF65-19A3D1DFB2A3} - System32\Tasks\{06423D2D-E9C1-4F33-B81A-82C715621358} => pcalua.exe -a "H:\Alicias Keys Setup PC.exe" -d H:\
Task: {BC37EC53-D032-424F-A403-D85B9824E3F9} - System32\Tasks\{B04DD4E4-4CDD-43D9-8750-AF953E20A112} => pcalua.exe -a "O:\Program Files (x86)\VSL\Vienna Instruments\LibraryInstaller.exe" -d "O:\Program Files (x86)\VSL\Vienna Instruments"
Task: {BD10712F-BDCC-40A6-9840-FF84C52BE6FD} - System32\Tasks\{2C46918F-A593-4956-88DE-8F999A59AE9C} => pcalua.exe -a "H:\Independence Pro 2.5.4 Software Suite 64 E-License.exe" -d H:\
Task: {BF7ABB10-6A68-409E-8008-EB534F8F8705} - System32\Tasks\{D398A544-CFB3-46E8-B5DF-626FF232C43B} => pcalua.exe -a "C:\Users\xxx\Downloads\install_flash_player.exe" -d "C:\Users\xxx\Downloads"
Task: {C18139FF-A0AB-4047-8DDD-39525E452E10} - System32\Tasks\{6904D156-3764-4007-AEC4-9544A7DA37E0} => C:\Users\xxx\Downloads\DriverSetup.exe
Task: {C37AE386-CBA9-43AE-9844-B2CE7224BE33} - System32\Tasks\{1D409CDB-4184-4914-A0E6-97AD74AC8C6D} => H:\windows\german\pm\personal\Setup.exe
Task: {C58B58B4-3DE9-45F0-9B11-850C7FDD27B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {C667DE3E-8FA6-443B-9CCC-7B757AB7C2C4} - System32\Tasks\{85AF413A-1425-4DA2-BFA3-8E5B4A8E3B8B} => pcalua.exe -a "D:\Cubase 7 for Windows\Setup.exe" -d "D:\Cubase 7 for Windows"
Task: {C73A72CF-5138-48BE-BF08-78546B184472} - System32\Tasks\{0BCE0B9C-45A2-40B0-9941-9F39BDACB669} => Q:\Downloads\J-Bridge\jBridgev1.19Setup_xxx\jBridgev1.19Setup_xxx.exe
Task: {C92F3D73-0DF8-4A42-8396-F321B5E87D9A} - System32\Tasks\{EFB4A033-2F63-4013-82D3-FEDE6E7A8D55} => C:\Windows\System32\SoftLcd1082.exe
Task: {CA870B03-DCDD-48C0-98C2-D714511B21F1} - System32\Tasks\{C14BF85D-4129-4CE4-AD72-D630D327CC26} => Q:\Downloads\J-Bridge\jBridgev1.19Setup_xxx\jBridgev1.19Setup_xxx.exe
Task: {D0CB62B8-3961-4DED-AC91-4AE23D264B6B} - System32\Tasks\{9B31F731-5050-4586-98EF-74A01C60D886} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {D401F2A2-731E-4682-BF5A-9AC9585DE606} - System32\Tasks\{674EA2D3-4F3C-4EA3-8749-2D08682045A0} => pcalua.exe -a "C:\Users\xxx\Downloads\DriverSetup.exe" -d "C:\Users\xxx\Downloads"
Task: {D57D1B7C-1831-4FAD-BF64-203A05D8D136} - System32\Tasks\{E6A7A111-7169-4964-9496-AA39C0C5D697} => pcalua.exe -a H:\Autorun.exe -d H:\
Task: {DF1EB108-2A31-441E-971D-1CD931F8A30E} - System32\Tasks\{C4C278E8-DFDC-4D88-A004-A03664E2C937} => C:\Program Files\Steinberg\Asio\asioglldsetup.exe [2010-12-06] (Steinberg Media Technologies)
Task: {E2AD9959-656C-4596-9ABE-C3AB27091F0E} - System32\Tasks\{E3C7FEEC-A48E-4A6B-8D20-9CDC54920125} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {E618B9A0-0D06-45B0-BCFA-BF36790B1C72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E9E16472-D60C-48EA-B60E-E2548DF10B2B} - System32\Tasks\{B74E7334-75CB-455D-8C95-F754C20EBF68} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: {EB90BB02-A30C-4C16-A089-2811D2AA2EB7} - System32\Tasks\{665362E6-1AD6-479D-ABD8-BCF17AE72325} => C:\Users\xxx\Downloads\DriverSetup.exe
Task: {F2D8BAA3-CBCA-4E56-B0D4-0E6B5B601F6E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {FD61B29E-C3EA-4605-9193-7EF307CC5001} - System32\Tasks\{B6B539BF-11D3-4E9C-BB34-34F0B21FCC70} => Q:\Downloads\J-Bridge\jBridgev1.19Setup_xxx\jBridgev1.19Setup_xxx.exe
Task: {FF6AC220-F9ED-43A6-A526-138A6488B389} - System32\Tasks\{8F48DE62-F226-4564-A004-BC06D47FE024} => Q:\Downloads\Tascam\FW-1082_DR_Win_v170\FW1082_Win_1.70.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-11 14:11 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-13 01:10 - 2010-01-19 04:31 - 00072304 _____ () C:\Windows\SysWOW64\XSrvSetup.exe
2012-02-04 23:28 - 2012-01-09 20:44 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-09-25 14:01 - 2015-03-10 16:20 - 05523456 _____ () I:\Program Files (x86)\IK Multimedia\Sample Tank 3\SampleTank 3\SampleTank 3.exe
2014-09-25 14:01 - 2015-03-24 17:26 - 12895744 _____ () I:\Program Files (x86)\IK Multimedia\Sample Tank 3\SampleTank 3\SampleTank 3.vpa
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2015-04-09 13:08 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-04-27 18:33 - 2012-04-27 18:33 - 00435552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2012-06-13 01:09 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-30 18:12 - 2015-01-03 23:31 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-08-30 18:12 - 2015-01-03 23:31 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 18:12 - 2015-01-03 23:31 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2012-04-27 22:21 - 2012-04-27 22:21 - 13005104 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2012-04-27 19:09 - 2012-04-27 19:09 - 00018784 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the
registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-25170337-1842596019-2157349911-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartFw1082Panel => fw1082panel.exe H
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== Accounts: =============================

28D925BEF4154602B49E (S-1-5-21-25170337-1842596019-2157349911-1005 - Limited - Enabled)
Administrator (S-1-5-21-25170337-1842596019-2157349911-500 - Administrator - Disabled)
E14ACD8B9526477D8048 (S-1-5-21-25170337-1842596019-2157349911-1003 - Limited - Enabled)
Gast (S-1-5-21-25170337-1842596019-2157349911-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-25170337-1842596019-2157349911-1008 - Limited - Enabled)
xxx (S-1-5-21-25170337-1842596019-2157349911-1000 - Administrator - Enabled) => C:\Users\xxx

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2015 02:03:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" in Zeile WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition: WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/09/2015 01:27:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/09/2015 01:27:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/09/2015 01:27:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/09/2015 01:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004e920f ID des fehlerhaften Prozesses: 0xcb4 Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0 Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1 Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2 Berichtskennung: NvStreamNetworkService.exe3

Error: (04/09/2015 01:21:49 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" in Zeile WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition: WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/09/2015 01:16:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000004e920f ID des fehlerhaften Prozesses: 0xa34 Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0 Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1 Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2 Berichtskennung: NvStreamNetworkService.exe3

Error: (04/09/2015 01:04:28 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "S:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (04/09/2015 01:03:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" in Zeile WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition: WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/09/2015 01:03:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0 Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0xf28 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

System errors:
=============
Error: (04/09/2015 01:21:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Acronis Try And Decide Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (04/09/2015 01:20:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Digidesign MME Refresh Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (04/09/2015 01:20:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Sentinel64" ist vom Dienst "Treiber für parallelen Anschluss" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (04/09/2015 01:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "cvintdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (04/09/2015 01:20:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cvintdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/09/2015 01:19:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Acronis Sync Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%109

Error: (04/09/2015 01:19:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2015 01:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (04/09/2015 01:19:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2015 01:19:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-01-04 12:35:45.929
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-01-04 12:35:45.902
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-08-05 17:18:25.747
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-08-05 17:18:25.716
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-08-05 17:18:23.173
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2010-08-05 17:18:23.157 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz Percentage of memory in use: 17% Total physical RAM: 16346.31 MB Available physical RAM: 13562.08 MB Total Pagefile: 32690.81 MB Available Pagefile: 29561.59 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Win7 System) (Fixed) (Total:467.64 GB) (Free:252.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Lokales Laufwerk ) (Fixed) (Total:99.82 GB) (Free:90.87 GB) NTFS Drive f: (W7 Cubase/WaveLab) (Fixed) (Total:467.64 GB) (Free:357.2 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (W7 Adobe/Daten/Sonstiges) (Fixed) (Total:463.87 GB) (Free:311.36 GB) NTFS Drive i: (Plug Ins 2) (Fixed) (Total:463.87 GB) (Free:110.77 GB) NTFS Drive k: (Lokales Laufwerk) (Fixed) (Total:123.68 GB) (Free:70.04 GB) NTFS Drive o: (W7 Plug Ins) (Fixed) (Total:708.01 GB) (Free:341.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B0C5A5B3) Partition 1: (Active) - (Size=467.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=463.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1A679F39) Partition 1: (Not Active) - (Size=123.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=708 GB) 
- (Type=07 NTFS) Partition 3: (Active) - (Size=99.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88618861) Partition 1: (Not Active) - (Size=463.9 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=467.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
09.04.2015, 18:04 | #5 |
/// the machine /// TB Trainer | AdwCleaner cannot delete found data - Trojan? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
reg: reg query HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
09.04.2015, 18:24 | #6 |
| AdwCleaner cannot delete found data - Trojan? Hello schrauber, here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by xxx at 2015-04-09 19:20:35 Run:1
Running from C:\Users\xxx\Desktop
Loaded Profiles: xxx (Available profiles: xxx)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
reg: reg query HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s
*****************
========= reg query HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s =========
FEHLER: Ungltige Syntax.
Geben Sie "REG QUERY /?" ein, um die Syntax anzuzeigen.
========= End of Reg: =========
==== End of Fixlog 19:20:36 ==== |
10.04.2015, 07:54 | #7 |
/// the machine /// TB Trainer | AdwCleaner cannot delete found data - Trojan? Once more, please: Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
reg: reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /s
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
10.04.2015, 12:00 | #8 |
| AdwCleaner cannot delete found data - Trojan? Hmmm, no idea what I did wrong the first time. In any case, the Logfix now looks like something. No error is shown anymore: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by xxx at 2015-04-10 12:55:33 Run:2 Running from C:\Users\xxx\Desktop Loaded Profiles: xxx (Available profiles: xxx) Boot Mode: Normal ============================================== Content of fixlist: ***************** reg: reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /s ***************** ========= reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /s ========= HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings EnableNegotiate REG_DWORD 0x1 User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32) IE5_UA_Backup_Flag REG_SZ 5.0 ZonesSecurityUpgrade REG_BINARY B6A118893F04CA01 ProxyEnable REG_DWORD 0x0 ProxyServer REG_SZ ProxyOverride REG_SZ HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache Signature REG_SZ Client UrlCache MMF Ver 5.2 Version REG_DWORD 0x1 ContentLimit REG_DWORD 0xfa TotalContentLimit REG_DWORD 0x0 AppContainerTotalContentLimit REG_DWORD 0x3e8 AppContainerContentLimit REG_DWORD 0x32 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content CachePrefix REG_SZ CacheLimit REG_DWORD 0xc800 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies CachePrefix REG_SZ Cookie: CacheLimit REG_DWORD 0x2000 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld CachePath REG_EXPAND_SZ %APPDATA%\Microsoft\Windows\IETldCache CachePrefix REG_SZ ietld: CacheLimit REG_DWORD 0x2000 CacheOptions REG_DWORD 0x9 CacheRepair REG_DWORD 0x0 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\5.0\Cache\History CachePrefix REG_SZ Visited: CacheLimit REG_DWORD 0x2000 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content CachePrefix REG_SZ CacheLimit REG_DWORD 0x3e800 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies CachePrefix REG_SZ Cookie: CacheLimit REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History CachePrefix REG_SZ Visited: CacheLimit REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections SavedLegacySettings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efaultConnectionSettings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oftware\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 (Standard) REG_SZ DisplayName REG_SZ Computer PMDisplayName REG_SZ Computer [Protected Mode] Description REG_SZ Your computer Icon REG_SZ shell32.dll#0016 LowIcon REG_SZ inetcpl.cpl#005422 CurrentLevel REG_DWORD 0x0 Flags REG_DWORD 0x21 1200 REG_DWORD 0x3 1400 REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 (Standard) REG_SZ DisplayName REG_SZ Local intranet PMDisplayName REG_SZ Local intranet [Protected Mode] Description REG_SZ This zone contains all Web sites that are on your organization's intranet. 
Icon REG_SZ shell32.dll#0018 LowIcon REG_SZ inetcpl.cpl#005423 CurrentLevel REG_DWORD 0x0 Flags REG_DWORD 0x143 1200 REG_DWORD 0x3 1400 REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 (Standard) REG_SZ DisplayName REG_SZ Trusted sites PMDisplayName REG_SZ Trusted sites [Protected Mode] Description REG_SZ This zone contains Web sites that you trust not to damage your computer or data. Icon REG_SZ inetcpl.cpl#00004480 LowIcon REG_SZ inetcpl.cpl#005424 CurrentLevel REG_DWORD 0x0 Flags REG_DWORD 0x21 1200 REG_DWORD 0x3 1400 REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 (Standard) REG_SZ DisplayName REG_SZ Internet PMDisplayName REG_SZ Internet [Protected Mode] Description REG_SZ This zone contains all Web sites you haven't placed in other zones Icon REG_SZ inetcpl.cpl#001313 LowIcon REG_SZ inetcpl.cpl#005425 CurrentLevel REG_DWORD 0x0 Flags REG_DWORD 0x21 1200 REG_DWORD 0x3 1400 REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 (Standard) REG_SZ DisplayName REG_SZ Restricted sites PMDisplayName REG_SZ Restricted sites [Protected Mode] Description REG_SZ This zone contains Web sites that could potentially damage your computer or data. 
Icon REG_SZ inetcpl.cpl#00004481 LowIcon REG_SZ inetcpl.cpl#005426 CurrentLevel REG_DWORD 0x0 Flags REG_DWORD 0x21 1200 REG_DWORD 0x3 1400 REG_DWORD 0x3 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1c-c6-3c-96-7b-40 WpadDecisionReason REG_DWORD 0x1 WpadDecisionTime REG_BINARY 70187714CC72D001 WpadDecision REG_DWORD 0x0 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D2EED541-2D60-49F0-9225-B28A3F0A2B94} WpadDecisionReason REG_DWORD 0x1 WpadDecisionTime REG_BINARY 70187714CC72D001 WpadDecision REG_DWORD 0x0 WpadNetworkName REG_SZ Netzwerk 4 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D2EED541-2D60-49F0-9225-B28A3F0A2B94}\1c-c6-3c-96-7b-40 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap (Standard) REG_SZ UNCAsIntranet REG_DWORD 0x0 AutoDetect REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains (Standard) REG_SZ HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults (Standard) REG_SZ http REG_DWORD 0x3 https REG_DWORD 0x3 ftp REG_DWORD 0x3 file REG_DWORD 0x3 @ivt REG_DWORD 0x1 shell REG_DWORD 0x0 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges (Standard) REG_SZ HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones (Standard) REG_SZ SelfHealCount REG_DWORD 0x1 SecuritySafe REG_DWORD 0x1 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 (Standard) REG_SZ DisplayName REG_SZ Computer PMDisplayName REG_SZ Computer [Protected 
Mode] Description REG_SZ Your computer Icon REG_SZ shell32.dll#0016 LowIcon REG_SZ inetcpl.cpl#005422 CurrentLevel REG_DWORD 0x0 Flags REG_DWORD 0x21 1200 REG_DWORD 0x0 1400 REG_DWORD 0x0 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 (Standard) REG_SZ DisplayName REG_SZ Local intranet PMDisplayName REG_SZ Local intranet [Protected Mode] Description REG_SZ This zone contains all Web sites that are on your organization's intranet. Icon REG_SZ shell32.dll#0018 LowIcon REG_SZ inetcpl.cpl#005423 CurrentLevel REG_DWORD 0x10500 Flags REG_DWORD 0x143 1200 REG_DWORD 0x0 1400 REG_DWORD 0x0 2500 REG_DWORD 0x3 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 (Standard) REG_SZ DisplayName REG_SZ Trusted sites PMDisplayName REG_SZ Trusted sites [Protected Mode] Description REG_SZ This zone contains Web sites that you trust not to damage your computer or data. Icon REG_SZ inetcpl.cpl#00004480 LowIcon REG_SZ inetcpl.cpl#005424 CurrentLevel REG_DWORD 0x11000 Flags REG_DWORD 0x47 1200 REG_DWORD 0x0 1400 REG_DWORD 0x0 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (Standard) REG_SZ DisplayName REG_SZ Internet PMDisplayName REG_SZ Internet [Protected Mode] Description REG_SZ This zone contains all Web sites you haven't placed in other zones Icon REG_SZ inetcpl.cpl#001313 LowIcon REG_SZ inetcpl.cpl#005425 CurrentLevel REG_DWORD 0x11500 Flags REG_DWORD 0x1 1200 REG_DWORD 0x0 1400 REG_DWORD 0x0 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 (Standard) REG_SZ DisplayName REG_SZ Restricted sites PMDisplayName REG_SZ Restricted sites [Protected Mode] Description REG_SZ This zone contains Web sites that could potentially damage your computer or data. 
Icon REG_SZ inetcpl.cpl#00004481 LowIcon REG_SZ inetcpl.cpl#005426 CurrentLevel REG_DWORD 0x12000 Flags REG_DWORD 0x3 1200 REG_DWORD 0x3 1400 REG_DWORD 0x3 ========= End of Reg: ========= ==== End of Fixlog 12:55:34 ==== |
10.04.2015, 18:51 | #9 |
/// the machine /// TB Trainer | AdwCleaner cannot delete found data - Trojan? Nah, I had an error in the script the first time. So, you can ignore the findings from Adw.
|
10.04.2015, 19:04 | #10 |
| AdwCleaner cannot delete found data - Trojan? Hello schrauber, so that means it is nothing malicious? It is still the case that after every restart the things are back. That was never the case before. So no snooping Trojans? And how do I get FRST uninstalled again? Is simply deleting the file from the desktop enough? Regards |
11.04.2015, 07:33 | #11 |
/// the machine /// TB Trainer | AdwCleaner cannot delete found data - Trojan? I'll give you the cleanup block in a moment. Adw has a bug there and complains about the presence of the keys. But they are set to 0, so not active. I'll pass that on.
Cleanup: (The order is decisive here) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left over, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Securing your system: Enable automatic updates for the Windows operating system. Security-relevant software should also always be present only in its latest version: browser, Java, Flash Player, PDF reader. Security holes in their old versions are exploited to install malware by "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, define on the whitelist principle which sites scripts should be allowed on. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities. Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, it is advisable first to uninstall it and then remove the leftovers with Adwcleaner .
Finally, a few general remarks: Change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
|
11.04.2015, 11:24 | #12 |
| AdwCleaner cannot delete found data - Trojan? First of all, many, many thanks so far for your quick help. Is the error in Adw itself, or are these dangerous keys after all that are just not active (at the moment)? Or does Adw merely interpret them wrongly? These proxy entries just make me a little nervous. Oh, I forgot something. Do you think it makes sense to buy the Premium version of Malwarebytes, or is one reasonably well set up with the free version? Regards |
11.04.2015, 18:20 | #13 |
/// the machine /// TB Trainer | AdwCleaner cannot delete found data - Trojan? Every computer has these keys. What matters is whether they are on or off. Adw has the bug of complaining about their mere presence. MBAM Free is sufficient; with real-time protection it is then Premium, but you still need an AV program.
|
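The point made in the replies above (the proxy values exist on every machine; what matters is whether they are switched on) can be checked directly against `reg query ... /s` output. The following is an added example, not part of the original posts and not code from FRST or AdwCleaner; both sample outputs are constructed, and `AutoConfigURL` is a real Internet Settings value that the thread itself does not mention.

```python
import re

KEY = r"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample modelled on the second Fixlog: values present, proxy off.
SAMPLE_PRESENT_BUT_OFF = r"""
{K}
    EnableNegotiate    REG_DWORD    0x1
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ProxyEnable    REG_DWORD    0x0
    ProxyServer    REG_SZ
    ProxyOverride    REG_SZ

{K}\5.0\Cache
    ContentLimit    REG_DWORD    0xfa
""".replace("{K}", KEY)

# Constructed sample: the same values, but the proxy is actually switched on.
SAMPLE_ACTIVE = r"""
{K}
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8877
    ProxyOverride    REG_SZ    <local>
""".replace("{K}", KEY)

# Value lines are indented: name (may contain spaces), type, optional data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query /s` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):          # key paths start in column 0
            current = keys.setdefault(line.rstrip(), {})
            continue
        m = VALUE_RE.match(line) if current is not None else None
        if not m:
            continue
        data = m["data"].strip()
        if m["type"] in ("REG_DWORD", "REG_QWORD") and data:
            data = int(data, 16)              # reg.exe prints DWORDs as 0x...
        current[m["name"]] = (m["type"], data)
    return keys


def assess_proxy(values):
    """Judge the effective setting, not the mere presence of the value names."""
    def get(name, default):
        return values.get(name, (None, default))[1]

    enabled = get("ProxyEnable", 0) == 1
    server = get("ProxyServer", "")
    pac = get("AutoConfigURL", "")            # assumption: not shown in the thread
    findings = []
    if enabled and server:
        findings.append("static proxy in use: " + server)
    elif enabled:
        findings.append("ProxyEnable=1 but ProxyServer is empty")
    if pac:
        findings.append("proxy auto-config script set: " + pac)
    return ("review" if findings else "inactive"), findings


def review(text, key=KEY):
    """Parse reg query output and assess the proxy values of one key."""
    return assess_proxy(parse_reg_query(text).get(key, {}))


if __name__ == "__main__":
    for label, sample in (("present but off", SAMPLE_PRESENT_BUT_OFF),
                          ("switched on", SAMPLE_ACTIVE)):
        print(label, "->", review(sample))
```

A result of `review` only means the proxy is in effect and its target should be checked against what the user configured; `inactive` matches the situation in the thread, where the empty values are harmless.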
13.04.2015, 17:51 | #14 |
| AdwCleaner cannot delete found data - Trojan? Hello schrauber, many thanks for your help and your tips. I will keep an eye on the keys. Thanks again for your quick and competent help. As I already wrote in January: Schrauber For President. Regards |
14.04.2015, 07:07 | #15 |
/// the machine /// TB Trainer | AdwCleaner cannot delete found data - Trojan? You're welcome
|