Firefox durch Werbung unbrauchbar, viele Internet Explorer Prozesse

NoMW! · 18.04.2015, 18:35

Hallo,
ich habe auf meinem Laptop Windows 7 SP1

Es geht mir ähnlich wie fibi2222 in seinem Thread „Trotz Anti Maleware/Adware - Überflutung von Adware usw.“ und anderen. Anti-Malwareprogramme, wie : Spybot, Malewarebytes Antimalware, CCleaner usw. verhindern nicht, dass im firefox-Browser Werbefenster aufpoppen, der Tag mit einer neuen Adresse verlinkt wird oder ein neues Fenster geöffnet wird. Rücksetzung oder Neuinstallieren von firefox, deinstallieren von Programmen, Add ons löschen, usw. löste das Problem nicht

Es kommen Popups von Ads by name. Fenster von de.efix.com, offers.bycontext.com, mcafeestore.com, luu.lightquartrate.com und anderen werden geöffnet.
Zunächst ging das Arbeiten noch mit dem Internet Explorer bis der PC immer langsamer wurde. Im Tastmanager wird der prozess iexplorer *32 mehrfach neben einem Prozess iexplore gestartet.
Beim 1. Scan mit FRST64.exe blieb dieser mit „Getting Office Session error: 4131“ stecken. Der 2. Scan-Versuch war erfolgreich mit einer FRST.txt und einer Addition.txt.
Logfiles von Malewarebytes Antimalware (Testphase abgelaufen) finde ich nur als xml-Dateien.
Der McAffee-Virenscanner läuft auf dem Laptop (und die sind bei diesen Werbeattacken dabei!).
Wenn gewünscht, kann ich noch diverse Logfiles vom Spybot zur Verfügung stellen.

Ich hoffe sehr, dass mir geholfen werden kann.

Viele Grüße

McAffee kami_ODS.log:

Code:

ATTFilter

10/3/2014	4:36:31 PM	Scan Started: 10/03/2014 04:36:31 PM

10/3/2014	4:55:40 PM	Total objects scanned: 7320

10/3/2014	4:55:40 PM	Objects detected: 0

10/3/2014	4:55:40 PM	Scan Done: 10/03/2014 04:55:40 PM

12/27/2014	3:22:36 PM	Scan Started: 12/27/2014 03:22:36 PM

12/27/2014	3:23:00 PM	Total objects scanned: 237

12/27/2014	3:23:00 PM	Objects detected: 0

12/27/2014	3:23:00 PM	Scan Done: 12/27/2014 03:23:00 PM

1/22/2015	6:49:49 PM	Scan Started: 01/22/2015 06:49:49 PM

1/22/2015	6:58:44 PM	Total objects scanned: 11323

1/22/2015	6:58:44 PM	Objects detected: 0

1/22/2015	6:58:44 PM	Scan Done: 01/22/2015 06:58:44 PM

4/2/2015	6:19:20 PM	Scan Started: 04/02/2015 06:19:20 PM

4/2/2015	6:51:09 PM	Total objects scanned: 9024

4/2/2015	6:51:09 PM	Objects detected: 0

4/2/2015	6:51:09 PM	Scan Done: 04/02/2015 06:51:09 PM

4/10/2015	1:44:00 AM	Scan Started: 04/10/2015 01:44:00 AM

4/10/2015	1:44:02 AM	Total objects scanned: 3

4/10/2015	1:44:02 AM	Objects detected: 0

4/10/2015	1:44:02 AM	Scan Done: 04/10/2015 01:44:02 AM

McAffee OAS.log:

Code:

ATTFilter

7/10/2014	12:55:36 PM	"C:\Users\kami\Downloads\Setup.exe"	"SoftPulse"	"3"

7/10/2014	12:55:38 PM	"C:\Users\kami\Downloads\Setup(1).exe"	"CryptDomaIQ"	"3"

7/10/2014	12:55:38 PM	"C:\Users\kami\Downloads\Setup(2).exe"	"SoftPulse"	"3"

7/10/2014	12:55:40 PM	"C:\Users\kami\Downloads\Setup(3).exe"	"SoftPulse"	"3"

7/10/2014	12:56:50 PM	"C:\Users\kami\Downloads\Setup.exe"	"SoftPulse"	"3"

7/10/2014	12:56:50 PM	"C:\Users\kami\Downloads\Setup(2).exe"	"SoftPulse"	"3"

7/10/2014	12:56:50 PM	"C:\Users\kami\Downloads\Setup(3).exe"	"SoftPulse"	"3"

7/10/2014	12:57:22 PM	"C:\Users\kami\Downloads\Setup(3).exe"	"SoftPulse"	"3"

12/11/2014	4:04:42 PM	"C:\Users\kami\AppData\Local\Temp\nsu7282.tmp\213971"	"Artemis!DCED27297AEA"	"2"

1/21/2015	11:36:02 PM	"C:\Program Files (x86)\Cain\Cain.exe"	"Artemis!80DFBAB8966C"	"3"

1/21/2015	11:36:04 PM	"C:\Program Files (x86)\Cain\Abel.exe"	"Artemis!ECBCBDE87B98"	"3"

1/21/2015	11:38:48 PM	"C:\Program Files (x86)\Cain\Cain.exe"	"Artemis!80DFBAB8966C"	"3"

1/21/2015	11:39:14 PM	"C:\Program Files (x86)\Cain\Cain.exe"	"Artemis!80DFBAB8966C"	"3"

1/21/2015	11:39:43 PM	"C:\Program Files (x86)\Cain\Cain.exe"	"Artemis!80DFBAB8966C"	"3"

4/2/2015	4:10:33 PM	"C:\Program Files (x86)\yellow cabs\yellow_cabs_notification_service.exe"	"Artemis!7016A5D74459"	"2"

4/2/2015	4:10:36 PM	"C:\Program Files (x86)\yellow cabs\yellow_cabs_updating_service.exe"	"Artemis!5F126BD699C6"	"2"

4/7/2015	11:54:06 AM	"C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe"	"Artemis!D69B87F37CEA"	"2"

4/7/2015	11:54:11 AM	"C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe"	"Artemis!D69B87F37CEA"	"2"

4/7/2015	8:29:11 PM	"C:\Users\kami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OY5BO166\yet_another_cleaner_hdr (1).exe"	"Artemis!E497222C8947"	"2"

4/7/2015	8:29:21 PM	"C:\Users\kami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OY5BO166\yet_another_cleaner_hdr.exe"	"Artemis!E497222C8947"	"2"

4/8/2015	9:59:15 AM	"C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\Download\{DC365999-6C15-4A44-B257-B988CF650B4B}\1.3.25.27\setup.exe.vir"	"Artemis!D96EEA80426D"	"3"

McAffee System_ODS.log:

Code:

ATTFilter

6/15/2014	8:25:18 PM	Scan Started: 06/15/2014 08:25:18 PM

7/6/2014	10:43:39 AM	Scan Started: 07/06/2014 10:43:39 AM

7/6/2014	11:45:48 PM	Total objects scanned: 472931

7/6/2014	11:45:48 PM	Objects detected: 0

7/6/2014	11:45:48 PM	Scan Done: 07/06/2014 11:45:48 PM

7/13/2014	8:05:24 PM	Scan Started: 07/13/2014 08:05:24 PM

7/14/2014	3:29:52 PM	Total objects scanned: 470227

7/14/2014	3:29:52 PM	Objects detected: 0

7/14/2014	3:29:52 PM	Scan Done: 07/14/2014 03:29:52 PM

7/20/2014	9:01:16 PM	Scan Started: 07/20/2014 09:01:16 PM

7/21/2014	10:20:17 AM	Total objects scanned: 339225

7/21/2014	10:20:17 AM	Objects detected: 0

7/21/2014	10:20:17 AM	Scan Done: 07/21/2014 10:20:17 AM

7/27/2014	1:09:04 PM	Scan Started: 07/27/2014 01:09:04 PM

7/27/2014	2:38:15 PM	Total objects scanned: 157095

7/27/2014	2:38:15 PM	Objects detected: 0

7/27/2014	2:38:15 PM	Scan Done: 07/27/2014 02:38:15 PM

8/3/2014	12:52:29 PM	Scan Started: 08/03/2014 12:52:29 PM

8/3/2014	6:56:30 PM	Total objects scanned: 467940

8/3/2014	6:56:30 PM	Objects detected: 0

8/3/2014	6:56:30 PM	Scan Done: 08/03/2014 06:56:30 PM

8/11/2014	1:34:09 PM	Scan Started: 08/11/2014 01:34:09 PM

8/11/2014	2:36:43 PM	Total objects scanned: 111215

8/11/2014	2:36:43 PM	Objects detected: 0

8/11/2014	2:36:43 PM	Scan Done: 08/11/2014 02:36:43 PM

8/17/2014	1:16:40 PM	Scan Started: 08/17/2014 01:16:40 PM

8/18/2014	3:04:55 PM	Total objects scanned: 468267

8/18/2014	3:04:55 PM	Objects detected: 0

8/18/2014	3:04:55 PM	Scan Done: 08/18/2014 03:04:55 PM

8/25/2014	1:28:22 PM	Scan Started: 08/25/2014 01:28:22 PM

8/25/2014	3:18:46 PM	Total objects scanned: 263518

8/25/2014	3:18:46 PM	Objects detected: 0

8/25/2014	3:18:46 PM	Scan Done: 08/25/2014 03:18:46 PM

8/31/2014	1:57:26 PM	Scan Started: 08/31/2014 01:57:26 PM

8/31/2014	2:01:11 PM	"C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"	"Artemis!69CA9A1113F9"	"3"

8/31/2014	2:01:13 PM	"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe.vir"	"Artemis!6E7EC665F0ED"	"3"

9/19/2014	9:09:19 AM	Scan Started: 09/19/2014 09:09:19 AM

9/19/2014	9:17:05 AM	"C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"	"Artemis!69CA9A1113F9"	"3"

9/19/2014	9:17:06 AM	"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe.vir"	"Artemis!6E7EC665F0ED"	"3"

9/19/2014	10:04:07 AM	Total objects scanned: 71876

9/19/2014	10:04:07 AM	Objects detected: 2

9/19/2014	10:04:07 AM	Scan Done: 09/19/2014 10:04:07 AM

9/26/2014	2:26:14 PM	Scan Started: 09/26/2014 02:26:14 PM

9/26/2014	5:39:20 PM	Total objects scanned: 90537

9/26/2014	5:39:20 PM	Objects detected: 0

9/26/2014	5:39:20 PM	Scan Done: 09/26/2014 05:39:20 PM

10/3/2014	2:07:39 PM	Scan Started: 10/03/2014 02:07:39 PM

10/3/2014	4:35:45 PM	Total objects scanned: 272080

10/3/2014	4:35:45 PM	Objects detected: 0

10/3/2014	4:35:45 PM	Scan Done: 10/03/2014 04:35:45 PM

10/13/2014	1:22:14 PM	Scan Started: 10/13/2014 01:22:14 PM

10/13/2014	1:58:39 PM	Total objects scanned: 63749

10/13/2014	1:58:39 PM	Objects detected: 0

10/13/2014	1:58:39 PM	Scan Done: 10/13/2014 01:58:39 PM

10/17/2014	2:18:29 PM	Scan Started: 10/17/2014 02:18:29 PM

10/17/2014	2:37:55 PM	Total objects scanned: 35901

10/17/2014	2:37:55 PM	Objects detected: 0

10/17/2014	2:37:55 PM	Scan Done: 10/17/2014 02:37:55 PM

10/24/2014	1:55:54 PM	Scan Started: 10/24/2014 01:55:54 PM

10/24/2014	2:00:18 PM	"C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe.vir"	"Adware-RocketTab"	"3"

10/24/2014	5:31:52 PM	Total objects scanned: 316323

10/24/2014	5:31:52 PM	Objects detected: 1

10/24/2014	5:31:52 PM	Scan Done: 10/24/2014 05:31:52 PM

10/31/2014	7:29:08 PM	Scan Started: 10/31/2014 07:29:08 PM

10/31/2014	7:36:52 PM	Total objects scanned: 26213

10/31/2014	7:36:52 PM	Objects detected: 0

10/31/2014	7:36:52 PM	Scan Done: 10/31/2014 07:36:52 PM

11/9/2014	1:38:43 PM	Scan Started: 11/09/2014 01:38:43 PM

11/9/2014	5:28:07 PM	Total objects scanned: 188820

11/9/2014	5:28:07 PM	Objects detected: 0

11/9/2014	5:28:07 PM	Scan Done: 11/09/2014 05:28:07 PM

11/18/2014	7:57:52 PM	Scan Started: 11/18/2014 07:57:52 PM

11/18/2014	8:14:17 PM	Total objects scanned: 31931

11/18/2014	8:14:17 PM	Objects detected: 0

11/18/2014	8:14:17 PM	Scan Done: 11/18/2014 08:14:17 PM

11/23/2014	2:10:33 PM	Scan Started: 11/23/2014 02:10:33 PM

11/24/2014	10:22:31 AM	Total objects scanned: 83032

11/24/2014	10:22:31 AM	Objects detected: 0

11/24/2014	10:22:31 AM	Scan Done: 11/24/2014 10:22:31 AM

11/28/2014	9:55:04 AM	Scan Started: 11/28/2014 09:55:04 AM

11/28/2014	10:12:08 AM	Total objects scanned: 34179

11/28/2014	10:12:08 AM	Objects detected: 0

11/28/2014	10:12:08 AM	Scan Done: 11/28/2014 10:12:08 AM

12/5/2014	1:34:30 PM	Scan Started: 12/05/2014 01:34:30 PM

12/12/2014	10:51:21 AM	Scan Started: 12/12/2014 10:51:21 AM

12/12/2014	11:07:02 AM	Total objects scanned: 36275

12/12/2014	11:07:02 AM	Objects detected: 0

12/12/2014	11:07:02 AM	Scan Done: 12/12/2014 11:07:02 AM

12/19/2014	11:13:23 AM	Scan Started: 12/19/2014 11:13:23 AM

12/19/2014	12:22:01 PM	"C:\Program Files (x86)\Super Radio\utils.exe"	"Artemis!ADA808F1674B"	"2"

12/19/2014	7:23:36 PM	Total objects scanned: 540169

12/19/2014	7:23:36 PM	Objects detected: 1

12/19/2014	7:23:36 PM	Scan Done: 12/19/2014 07:23:36 PM

12/26/2014	7:39:53 PM	Scan Started: 12/26/2014 07:39:53 PM

12/27/2014	3:22:07 PM	Total objects scanned: 66333

12/27/2014	3:22:07 PM	Objects detected: 0

12/27/2014	3:22:07 PM	Scan Done: 12/27/2014 03:22:07 PM

1/2/2015	11:46:21 AM	Scan Started: 01/02/2015 11:46:21 AM

1/2/2015	5:42:19 PM	Total objects scanned: 354127

1/2/2015	5:42:19 PM	Objects detected: 0

1/2/2015	5:42:19 PM	Scan Done: 01/02/2015 05:42:19 PM

1/9/2015	12:57:14 PM	Scan Started: 01/09/2015 12:57:14 PM

1/9/2015	1:32:57 PM	Total objects scanned: 47398

1/9/2015	1:32:57 PM	Objects detected: 0

1/9/2015	1:32:57 PM	Scan Done: 01/09/2015 01:32:57 PM

1/16/2015	10:46:12 AM	Scan Started: 01/16/2015 10:46:12 AM

1/16/2015	5:50:14 PM	Total objects scanned: 484587

1/16/2015	5:50:14 PM	Objects detected: 0

1/16/2015	5:50:14 PM	Scan Done: 01/16/2015 05:50:14 PM

1/23/2015	12:26:32 PM	Scan Started: 01/23/2015 12:26:32 PM

1/23/2015	1:10:30 PM	"C:\Program Files (x86)\Cain\Abel.exe"	"Artemis!ECBCBDE87B98"	"3"

1/24/2015	2:55:00 PM	"E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"	"CryptDomaIQ"	"3"

1/24/2015	2:55:01 PM	"E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"	"SoftPulse"	"3"

1/24/2015	2:55:02 PM	"E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"	"SoftPulse"	"3"

1/24/2015	2:55:03 PM	"E:\BETA\Backup Set 2014-06-15 190003\Backup Files 2014-07-06 190008\Backup files 1.zip"	"SoftPulse"	"3"

1/24/2015	7:07:42 PM	Total objects scanned: 824115

1/24/2015	7:07:42 PM	Objects detected: 2

1/24/2015	7:07:42 PM	Scan Done: 01/24/2015 07:07:42 PM

1/30/2015	10:25:10 AM	Scan Started: 01/30/2015 10:25:10 AM

1/30/2015	4:40:48 PM	Total objects scanned: 77290

1/30/2015	4:40:48 PM	Objects detected: 0

1/30/2015	4:40:48 PM	Scan Done: 01/30/2015 04:40:48 PM

2/6/2015	9:36:34 AM	Scan Started: 02/06/2015 09:36:34 AM

2/6/2015	10:13:37 AM	Total objects scanned: 63657

2/6/2015	10:13:37 AM	Objects detected: 0

2/6/2015	10:13:37 AM	Scan Done: 02/06/2015 10:13:37 AM

2/13/2015	11:07:55 AM	Scan Started: 02/13/2015 11:07:55 AM

2/13/2015	1:10:47 PM	Total objects scanned: 236173

2/13/2015	1:10:47 PM	Objects detected: 0

2/13/2015	1:10:47 PM	Scan Done: 02/13/2015 01:10:47 PM

2/20/2015	1:03:20 PM	Scan Started: 02/20/2015 01:03:20 PM

2/20/2015	3:03:14 PM	Total objects scanned: 199537

2/20/2015	3:03:14 PM	Objects detected: 0

2/20/2015	3:03:14 PM	Scan Done: 02/20/2015 03:03:14 PM

2/27/2015	2:06:39 PM	Scan Started: 02/27/2015 02:06:39 PM

2/27/2015	3:55:33 PM	Total objects scanned: 139930

2/27/2015	3:55:33 PM	Objects detected: 0

2/27/2015	3:55:33 PM	Scan Done: 02/27/2015 03:55:33 PM

3/8/2015	11:56:27 AM	Scan Started: 03/08/2015 11:56:27 AM

3/9/2015	1:58:36 PM	Total objects scanned: 402380

3/9/2015	1:58:36 PM	Objects detected: 0

3/9/2015	1:58:36 PM	Scan Done: 03/09/2015 01:58:36 PM

3/15/2015	2:24:07 PM	Scan Started: 03/15/2015 02:24:07 PM

3/20/2015	10:17:00 PM	Scan Started: 03/20/2015 10:17:00 PM

3/21/2015	0:21:20 AM	Total objects scanned: 29901

3/21/2015	0:21:20 AM	Objects detected: 0

3/21/2015	0:21:20 AM	Scan Done: 03/21/2015 00:21:20 AM

3/27/2015	5:26:34 PM	Scan Started: 03/27/2015 05:26:34 PM

3/29/2015	1:49:07 PM	Total objects scanned: 828343

3/29/2015	1:49:07 PM	Objects detected: 0

3/29/2015	1:49:07 PM	Scan Done: 03/29/2015 01:49:07 PM

4/3/2015	5:25:00 PM	Scan Started: 04/03/2015 05:25:00 PM

4/12/2015	1:34:36 PM	Scan Started: 04/12/2015 01:34:36 PM

4/12/2015	1:46:59 PM	Total objects scanned: 29475

4/12/2015	1:46:59 PM	Objects detected: 0

4/12/2015	1:46:59 PM	Scan Done: 04/12/2015 01:46:59 PM

4/17/2015	1:52:10 PM	Scan Started: 04/17/2015 01:52:10 PM

Defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:08 on 18/04/2015 (kami)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by kami (administrator) on BETA on 18-04-2015 18:05:48
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(C-Dilla Ltd) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
() C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(1&1 Internet AG) C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Smith Micro Software, Inc) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [1&1_1&1 Office-Drive Manager] => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE [993392 2012-09-24] (1&1 Internet AG)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {0b8f30ef-76c2-11e3-8617-70f395d12e69} - H:\LGAutoRun.exe
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {34ddf33c-c45e-11e1-9b12-70f395d12e69} - E:\SISetup.exe
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {ddb543cf-2706-11e1-8e01-70f395d12e69} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\MountPoints2: {eb9a1205-6382-11e0-bc7c-70f395d12e69} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-0017-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer.lnk
ShortcutTarget: Image Transfer.lnk -> C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = 
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_cnet_150403&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler: haufereader - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2010-11-01] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-10-22] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2011-04-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-11]
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\##my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

Chrome: 
=======
CHR Profile: C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-27]
CHR Extension: (Google Wallet) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 C-DillaCdaC11BA; C:\windows\SysWOW64\drivers\CDAC11BA.EXE [39936 2010-12-14] (C-Dilla Ltd) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2012-01-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\PROGRAM FILES\MCAFEE\MSC\MCAPEXE.EXE [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [376808 2007-06-29] (XIMETA, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]
R2 vtigercrmApache530; C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [20541 2009-05-08] (Apache Software Foundation) [File not signed]
R2 vtigercrmMysql530; C:\Program Files (x86)\vtigercrm-5.3.0\mysql\my.ini [2994 2012-02-14] () [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XAMPP; c:\xampp\service.exe [60928 2007-12-21] () [File not signed]
S2 HPSLPSVC; C:\Users\kami\AppData\Local\Temp\7zS03A3\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-01] (Google Inc)
S3 BioNTDrv; C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-04-09] (Bytemobile, Inc.) [File not signed]
S2 CdaC15BA; C:\windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-01-05] () [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [419840 2010-12-31] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [339944 2007-06-29] (XIMETA, Inc.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 lpx; C:\Windows\System32\DRIVERS\lpx.sys [97256 2007-06-29] (XIMETA, Inc.)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R3 ndasbus; C:\Windows\System32\DRIVERS\ndasbus.sys [108520 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\windows\system32\DRIVERS\ndasfat.sys [537064 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\DRIVERS\ndasscsi.sys [235496 2007-06-29] (XIMETA, Inc.)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
R3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-01-19] ()
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2011-04-09] (Bytemobile, Inc.) [File not signed]
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
R4 epp64; system32\DRIVERS\epp64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 18:05 - 2015-04-18 18:05 - 00092155 _____ () C:\Users\kami\Desktop\FRST_a.txt
2015-04-18 18:00 - 2015-04-18 18:00 - 00000000 ____D () C:\Users\kami\Desktop\FRST-OlderVersion
2015-04-18 17:23 - 2015-04-18 17:23 - 00380416 _____ () C:\Users\kami\Desktop\Gmer-19357.exe
2015-04-18 17:20 - 2015-04-18 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-18 17:11 - 2015-04-18 18:00 - 00076118 _____ () C:\Users\kami\Desktop\Addition.txt
2015-04-18 17:09 - 2015-04-18 18:06 - 00037123 _____ () C:\Users\kami\Desktop\FRST.txt
2015-04-18 17:09 - 2015-04-18 18:05 - 00000000 ____D () C:\FRST
2015-04-18 17:07 - 2015-04-18 17:08 - 00000470 _____ () C:\Users\kami\Desktop\defogger_disable.log
2015-04-18 17:07 - 2015-04-18 17:07 - 00000000 _____ () C:\Users\kami\defogger_reenable
2015-04-18 17:05 - 2015-04-18 17:05 - 00050477 _____ () C:\Users\kami\Downloads\Defogger.exe
2015-04-18 12:24 - 2015-04-18 11:52 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-122415.backup
2015-04-17 18:03 - 2015-04-17 18:03 - 00050477 _____ () C:\Users\kami\Desktop\Defogger.exe
2015-04-17 13:03 - 2015-04-18 18:00 - 02098176 _____ (Farbar) C:\Users\kami\Desktop\FRST64.exe
2015-04-17 11:08 - 2015-04-18 11:49 - 00001983 _____ () C:\Users\kami\Desktop\Malware@firefox.txt
2015-04-16 12:20 - 2015-04-17 22:51 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-04-16 09:47 - 2015-04-16 09:47 - 00001947 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-16 09:34 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-16 09:34 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-16 09:34 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-16 09:34 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-16 09:34 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-16 09:33 - 2015-03-10 07:29 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-16 09:33 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 02656256 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 07:26 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-16 09:33 - 2015-03-10 05:32 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-16 09:33 - 2015-03-10 04:42 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-16 09:33 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-16 09:33 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-16 09:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-16 09:32 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-16 09:32 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-16 09:32 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-16 09:32 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-16 09:32 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-16 09:32 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-16 09:32 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-16 09:32 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:31 - 2015-04-18 10:46 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-16 09:30 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-16 09:30 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-16 09:29 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-16 09:01 - 2015-04-16 09:02 - 00995568 _____ () C:\windows\Minidump\041615-50325-01.dmp
2015-04-16 09:00 - 2015-04-16 09:00 - 876794833 _____ () C:\windows\MEMORY.DMP
2015-04-14 12:15 - 2015-04-14 12:15 - 00001153 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-04-14 12:15 - 2015-04-14 12:15 - 00000000 ____D () C:\Users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 12:14 - 2015-04-14 12:14 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe (WCC4E2EJRERE).url
2015-04-14 12:14 - 2015-04-14 12:14 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard (WCC4E2EJRERE).url
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\Users\kami\AppData\Roaming\WDC
2015-04-14 12:02 - 2015-04-16 09:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-14 11:58 - 2015-04-14 12:00 - 00560552 _____ (Oracle Corporation) C:\Users\kami\Downloads\JavaSetup8u40.exe
2015-04-13 22:52 - 2015-04-13 22:52 - 00000000 ____D () C:\ProgramData\launcher
2015-04-13 22:21 - 2015-04-13 22:21 - 00000000 ____D () C:\ProgramData\rmbwizard
2015-04-13 19:37 - 2015-04-13 19:38 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup.exe
2015-04-13 19:08 - 2015-04-13 19:08 - 00000473 _____ () C:\Users\kami\Downloads\WDMyCloud-20150413-1908.conf
2015-04-13 18:29 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 18:21 - 2015-04-13 18:24 - 247429605 _____ () C:\Users\kami\Downloads\MyNetViewFull_1_0_12_0.zip
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-13 18:13 - 2015-04-13 18:13 - 00001186 _____ () C:\Users\Public\Desktop\WD Discovery.lnk
2015-04-13 16:53 - 2015-04-13 17:00 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup (1).exe
2015-04-13 16:12 - 2015-04-13 16:12 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-13 12:24 - 2015-04-13 16:12 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-04-13 11:59 - 2015-04-13 11:59 - 00001274 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00001262 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-04-13 11:58 - 2015-04-13 11:58 - 04737952 _____ () C:\Users\kami\Downloads\ausetup5.3.1.20.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-04-13 11:46 - 2015-04-13 11:46 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2 (1).exe
2015-04-12 11:34 - 2015-04-12 11:34 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2.exe
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-04-11 20:02 - 2015-04-14 12:14 - 00000204 _____ () C:\Users\kami\Desktop\Lerncenter WD My Cloud.url
2015-04-11 20:02 - 2015-04-13 18:20 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-11 20:02 - 2015-04-11 20:02 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-04-11 20:02 - 2015-04-11 20:02 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard.url
2015-04-11 19:33 - 2015-04-13 18:29 - 00000000 ____D () C:\Users\kami\AppData\Local\Western Digital
2015-04-10 11:35 - 2015-04-10 11:35 - 00000000 ____D () C:\Users\kami\Neuer Ordner
2015-04-10 02:00 - 2015-04-10 02:00 - 00002331 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00002163 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-04-10 01:59 - 2015-04-10 01:59 - 00000000 ____D () C:\Program Files\Paragon Software
2015-04-10 01:54 - 2015-04-10 01:54 - 00000000 ____D () C:\ProgramData\explauncher
2015-04-10 01:32 - 2015-04-10 01:52 - 417659040 _____ () C:\Users\kami\Downloads\br2014Free101.exe
2015-04-09 22:35 - 2015-04-09 22:35 - 00003110 _____ () C:\windows\System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683}
2015-04-09 21:03 - 2015-04-09 21:03 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-09 11:46 - 2015-04-09 11:46 - 00022328 _____ () C:\Users\kami\Downloads\hijackthis.log
2015-04-09 10:51 - 2015-04-09 11:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\kami\Downloads\HijackThis.exe
2015-04-09 02:29 - 2015-04-09 02:29 - 00003432 _____ () C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-09 02:29 - 2015-04-09 02:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 01:55 - 2015-04-18 17:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 01:55 - 2015-04-16 09:17 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-09 01:55 - 2015-04-16 09:17 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-09 01:55 - 2015-04-16 09:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 01:22 - 2015-04-18 15:35 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-09 01:13 - 2015-04-09 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 01:08 - 2015-04-09 01:44 - 00000000 ____D () C:\Users\kami\Entmister-SW
2015-04-08 23:55 - 2015-04-08 23:55 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kami\Downloads\mbar-1.09.1.1004.exe
2015-04-08 22:25 - 2015-04-08 22:25 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2015-04-08 22:25 - 2015-04-08 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-04-08 19:34 - 2015-04-13 18:20 - 00160620 _____ () C:\windows\DPINST.LOG
2015-04-08 19:32 - 2015-04-08 19:32 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-08 19:32 - 2015-04-08 19:32 - 00000000 ____D () C:\ProgramData\Sony
2015-04-08 19:31 - 2015-04-08 19:31 - 28579392 _____ (Sony Mobile Communications ) C:\Users\kami\Downloads\Sony PC Companion_Web.exe
2015-04-08 15:16 - 2015-04-08 15:21 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Mozilla
2015-04-08 15:16 - 2015-04-08 15:16 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 12:50 - 2015-04-08 12:50 - 00243656 _____ () C:\Users\kami\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-08 11:29 - 2015-04-08 11:29 - 00116528 _____ () C:\Users\kami\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 11:15 - 2015-04-17 22:48 - 00003081 _____ () C:\windows\setupact.log
2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 _____ () C:\windows\setuperr.log
2015-04-08 11:14 - 2015-04-16 12:13 - 00010690 _____ () C:\windows\PFRO.log
2015-04-08 11:14 - 2015-04-08 11:15 - 00439280 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-08 09:38 - 2015-04-08 09:38 - 00000000 ____D () C:\Users\kami\VirtualBox VMs
2015-04-08 09:30 - 2015-04-08 09:30 - 00003144 _____ () C:\windows\System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC}
2015-04-08 09:27 - 2015-04-13 16:03 - 00000000 ____D () C:\Users\kami\.VirtualBox
2015-04-08 09:25 - 2015-04-08 09:29 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-08 09:25 - 2015-04-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-08 09:25 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files\Oracle
2015-04-08 09:24 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-04-08 02:22 - 2015-04-08 02:22 - 00000000 ____D () C:\Users\kami\AppData\Local\BVRP Software
2015-04-07 21:40 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150407-214026.backup
2015-04-07 21:16 - 2015-04-07 21:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-07 21:16 - 2015-04-07 21:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-07 21:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-04-07 21:15 - 2015-04-18 11:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-07 21:15 - 2015-04-07 22:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-07 21:09 - 2015-04-07 21:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 21:09 - 2015-04-07 21:09 - 00002780 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-04-07 21:09 - 2015-04-07 21:09 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-07 21:09 - 2015-04-07 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-07 20:40 - 2015-04-07 20:40 - 00005684 _____ () C:\windows\system32\.crusader
2015-04-07 20:20 - 2015-04-07 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 13:21 - 2015-04-07 11:36 - 00000000 ____D () C:\windows\system32\log
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-03 19:13 - 2015-04-03 19:13 - 00001373 _____ () C:\Users\kami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-04-03 03:31 - 2015-04-03 03:31 - 00000000 ____D () C:\Users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 03:31 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-04-03 03:31 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-04-03 01:38 - 2015-04-03 01:38 - 00001381 _____ () C:\Users\kami\Desktop\Internet Explorer (64-bit).lnk
2015-04-02 22:13 - 2015-04-18 11:19 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-02 22:12 - 2015-04-02 22:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-02 22:12 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-02 22:12 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-02 22:12 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-02 16:10 - 2015-04-18 16:10 - 00001020 _____ () C:\windows\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p.job
2015-04-02 16:10 - 2015-04-02 16:10 - 00004036 _____ () C:\windows\System32\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-04-02 01:49 - 2015-04-02 17:18 - 00005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-03-24 12:10 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 18:02 - 2010-12-07 04:02 - 00000000 ____D () C:\Users\kami\Postfach
2015-04-18 17:53 - 2011-05-11 22:54 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-18 17:40 - 2014-11-14 09:48 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
2015-04-18 17:20 - 2014-06-11 00:04 - 00001804 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-18 17:11 - 2010-11-13 17:40 - 01629946 _____ () C:\windows\WindowsUpdate.log
2015-04-18 17:07 - 2010-12-02 21:21 - 00000000 ____D () C:\Users\kami
2015-04-18 15:12 - 2010-12-26 11:56 - 00000000 ____D () C:\ProgramData\Lexware
2015-04-18 12:40 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Opera Software
2015-04-18 12:15 - 2014-06-05 15:36 - 00000000 ____D () C:\temp
2015-04-18 11:26 - 2013-02-17 14:56 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForkami
2015-04-18 11:26 - 2013-02-17 14:56 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForkami.job
2015-04-18 10:16 - 2010-09-12 22:06 - 05485612 _____ () C:\windows\system32\perfh007.dat
2015-04-18 10:16 - 2010-09-12 22:06 - 01696992 _____ () C:\windows\system32\perfc007.dat
2015-04-18 10:16 - 2009-07-14 07:13 - 00006792 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-18 10:10 - 2011-05-11 22:54 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 01:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-17 22:59 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 22:59 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 22:48 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-17 22:41 - 2010-12-03 03:23 - 00007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2015-04-17 22:38 - 2011-11-11 23:52 - 00000000 ____D () C:\ProgramData\Avanquest Bluetooth SDK
2015-04-17 18:16 - 2011-05-02 15:09 - 00000000 ____D () C:\Users\kami\Documents\Aktuell
2015-04-17 00:01 - 2011-03-22 23:08 - 00001644 _____ () C:\Users\kami\Desktop\FUS.txt
2015-04-16 23:51 - 2010-12-03 06:13 - 00000000 ____D () C:\windows\rescache
2015-04-16 12:37 - 2010-12-15 14:08 - 00000000 ____D () C:\Users\kami\Documents\Finanzen
2015-04-16 12:20 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2015-04-16 12:14 - 2014-12-11 10:22 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 12:14 - 2014-07-09 13:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 11:40 - 2010-12-06 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 09:44 - 2013-08-15 11:37 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 09:34 - 2010-12-05 18:07 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 09:28 - 2013-10-22 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 09:27 - 2010-12-12 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 09:01 - 2012-10-10 23:49 - 00000000 ____D () C:\windows\Minidump
2015-04-14 12:01 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-13 18:19 - 2013-03-26 12:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 17:36 - 2011-12-28 02:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\HpUpdate
2015-04-13 16:40 - 2010-09-12 22:37 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-13 16:32 - 2012-12-07 17:41 - 00002771 _____ () C:\Users\Public\Desktop\Lexware buchhalter.lnk
2015-04-13 16:32 - 2010-12-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-13 14:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-12 11:55 - 2011-06-21 00:16 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-04-12 11:37 - 2012-06-29 08:57 - 00000000 ____D () C:\Users\Hotel
2015-04-12 11:37 - 2012-01-11 18:12 - 00000000 ____D () C:\Users\Vais
2015-04-12 11:37 - 2011-11-20 12:17 - 00000000 ____D () C:\Users\Administrator
2015-04-12 11:37 - 2010-12-13 15:25 - 00000000 ____D () C:\Users\RF
2015-04-10 12:05 - 2011-10-13 10:12 - 00000000 ____D () C:\Users\kami\Documents\Bluetooth Exchange Folder
2015-04-10 03:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2015-04-10 01:56 - 2010-12-02 21:23 - 00000000 ____D () C:\Users\kami\AppData\Local\Downloaded Installations
2015-04-09 21:50 - 2014-12-11 17:04 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-09 01:55 - 2014-08-19 13:20 - 00000000 ____D () C:\Users\kami\AppData\Local\Adobe
2015-04-08 23:27 - 2012-06-29 09:03 - 00000000 ____D () C:\Users\Hotel\AppData\Local\Mozilla
2015-04-08 23:25 - 2012-06-29 08:58 - 00000000 ___RD () C:\Users\Hotel\Virtual Machines
2015-04-08 23:24 - 2015-03-05 18:42 - 00001536 __RSH () C:\Users\Hotel\ntuser.pol
2015-04-08 23:02 - 2011-12-15 21:08 - 00113152 ___SH () C:\Users\kami\Documents\Thumbs.db
2015-04-08 19:34 - 2011-05-25 15:15 - 00000000 ____D () C:\Users\kami\AppData\Local\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-08 19:32 - 2010-09-12 22:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 13:08 - 2013-05-29 20:35 - 00006256 _____ () C:\Users\kami\_viminfo
2015-04-08 09:29 - 2012-01-11 18:14 - 00116528 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2015-04-08 03:53 - 2013-07-08 13:46 - 00000000 ____D () C:\Users\kami\AppData\Roaming\DVDVideoSoft
2015-04-08 03:51 - 2013-08-27 23:00 - 00000000 ____D () C:\Program Files (x86)\IGC
2015-04-08 03:21 - 2014-07-07 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-04-08 03:21 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-08 03:21 - 2013-05-27 13:36 - 00000000 ____D () C:\Users\kami\Desktop\4Trading
2015-04-08 03:21 - 2013-05-27 13:33 - 00000000 ____D () C:\Users\kami\Desktop\4CAD
2015-04-08 03:21 - 2013-05-27 13:30 - 00000000 ____D () C:\Users\kami\Desktop\4Navi
2015-04-08 03:21 - 2012-03-20 17:11 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Notepad++
2015-04-08 03:21 - 2011-11-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
2015-04-08 03:21 - 2010-12-03 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-04-08 02:31 - 2013-03-26 17:30 - 00000000 ____D () C:\Users\kami\Documents\Garmin
2015-04-08 02:31 - 2012-06-02 12:42 - 00000000 ____D () C:\Users\kami\AppData\Local\Garmin
2015-04-08 02:31 - 2010-12-09 02:14 - 00000000 ____D () C:\Users\kami\AppData\Roaming\GARMIN
2015-04-08 02:31 - 2010-12-09 01:44 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-08 02:31 - 2010-12-08 23:11 - 00000000 ____D () C:\ProgramData\GARMIN
2015-04-08 02:31 - 2010-12-08 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-08 02:28 - 2013-02-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics
2015-04-08 02:28 - 2011-01-29 11:56 - 00000000 ____D () C:\Program Files (x86)\EasternGraphics
2015-04-08 01:09 - 2010-12-10 01:41 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Dropbox
2015-04-08 00:40 - 2010-12-10 01:43 - 00000000 ___RD () C:\Users\kami\Documents\My Dropbox
2015-04-08 00:13 - 2012-08-29 01:12 - 00000000 ____D () C:\Users\kami\Desktop\Alte Firefox-Daten
2015-04-07 21:40 - 2009-07-14 04:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-115254.backup
2015-04-07 21:12 - 2011-11-02 21:22 - 00000000 ____D () C:\Users\kami\AppData\Roaming\FileZilla
2015-04-07 21:12 - 2011-08-27 21:49 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Skype
2015-04-07 11:40 - 2014-11-09 19:16 - 00000000 ____D () C:\Program Files (x86)\MINEA
2015-04-07 11:38 - 2013-12-30 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-07 11:18 - 2015-02-15 16:36 - 00000000 ___HD () C:\ProgramData\{5EE865C2-E8FF-4231-A2B8-0188FEFBCE3D}
2015-04-06 12:58 - 2014-12-11 17:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-06 12:06 - 2011-12-14 20:11 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-03 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-03 02:15 - 2013-12-14 12:10 - 00000000 ____D () C:\windows\PAC7311
2015-04-03 02:12 - 2011-11-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-04-02 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2015-04-02 22:24 - 2014-12-22 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psynetic
2015-03-23 15:12 - 2011-11-01 11:58 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2010-12-29 13:54 - 2011-06-15 19:55 - 0001854 _____ () C:\Users\kami\AppData\Roaming\GhostObjGAFix.xml
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2014-07-07 22:50 - 2014-07-07 22:50 - 0038444 _____ () C:\Users\kami\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2014-07-07 22:46 - 2014-07-07 22:46 - 0038441 _____ () C:\Users\kami\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-04-02 01:49 - 2015-04-02 17:18 - 0005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-08 22:13 - 2013-05-08 22:13 - 0004096 ____H () C:\Users\kami\AppData\Local\keyfile3.drm
2010-12-08 03:36 - 2010-12-08 03:50 - 0448206 _____ () C:\Users\kami\AppData\Local\MODup-Log.txt
2010-12-03 03:23 - 2015-04-17 22:41 - 0007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2012-12-20 00:05 - 2012-12-20 00:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-31 12:48 - 2010-12-31 12:48 - 0208552 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-04 12:11 - 2012-11-27 20:04 - 0017022 _____ () C:\ProgramData\hpzinstall.log
2013-01-18 03:59 - 2013-01-18 03:59 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-02-20 23:07 - 2013-02-20 23:07 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\Users\kami\REG4DigiFoto_Hilfedatei.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

M-K-D-B · 18.04.2015, 18:39

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte noch die Addition.txt von FRST posten, dann kann es losgehen.

NoMW! · 18.04.2015, 18:54

Hallo Matthias,
vielen Dank für die schnelle Reaktion.
Die Logs haben nicht alle hineingepasst. Nachlieferung:

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by kami at 2015-04-18 18:06:30
Running from C:\Users\kami\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Sprint (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.33417 - ABBYY Software House)
ABBYY FineReader 6.0 (HKLM-x32\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29421 - ABBYY Software House)
Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
ArcSoft PhotoImpression (HKLM-x32\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version:  - )
Avery Wizard 3.1 (HKLM-x32\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
C4340 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CFX Trader (HKLM-x32\...\{AC5E101F-8D42-406B-BFC0-7B906879F705}) (Version: 2.52.12.0 - CFX Broker)
CoP Outlook Plugin (HKLM-x32\...\{CBB9BD2B-C3FA-413F-9913-924EFFCE9CCC}) (Version: 4.11.1 - SMC Software Management Consulting)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP Server (HKLM-x32\...\CoreFTPServer) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.2 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.2 - Sigma Elektro GmbH) Hidden
DDBAC (HKLM-x32\...\{78F6AFE2-A4F3-4AE1-A710-9FD5758C2EB0}) (Version: 5.3.26 - DataDesign)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.9 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doodle Outlook Connector (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\33030675DC63B8C8D12A223C2017505053D50B01) (Version: 1.2.0.0 - Doodle AG)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version:  - )
EPSON Photo Print (HKLM-x32\...\{D379964B-685C-44D5-AE46-C953A9FEEA14}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.4 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Folder Marker v 1.4 (HKLM-x32\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.30 Update (HKLM-x32\...\{BD9FCA8B-7692-42BD-9AF3-88346B436CB0}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT v9 (HKLM-x32\...\{29EA075F-2C61-472F-B01D-80E8D8F023F1}) (Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Geberit ProPlanner 2013 R2 (HKLM-x32\...\{D06C9C18-D361-486A-9E6D-DBAFF1266028}) (Version: 3.3.000 - Geberit Verwaltungs AG)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Formular-Manager (HKLM-x32\...\{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}) (Version: 11.01.03.0001 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{F3A444B0-3BF9-11E1-A2DD-005056B12123}) (Version: 12.01.11.8176 - Haufe)
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart C4340 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{20B8FE13-36FB-47A8-B43C-4BD23B36ADB2}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{5CEE98FB-1963-4662-A780-410DA4533D53}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F48E3}) (Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.1 - Sonix)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Image Transfer (HKLM-x32\...\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}) (Version:  - )
ImageMixer for Sony (HKLM-x32\...\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{1C227C2E-2295-4820-87B1-4B13E98E6C66}) (Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{607D1882-6E4E-4861-BAA3-16B12FA21C73}) (Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
Lexware online banking V 2.39 (HKLM-x32\...\{66017349-81C8-48C3-B0E2-704DB146D70F}) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LTplus architektur (HKLM-x32\...\{8E93D569-667D-4845-A677-B9FC54AFE9F2}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus architektur (HKLM-x32\...\{FAA933B5-F74F-4841-AA49-9735D6DD4256}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus EnEV 2010 (HKLM-x32\...\{BF024BF3-9FE5-4417-AA04-16A5FF937931}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus SketchUP Plugin 7.1 (HKLM-x32\...\LTplus SketchUP Plugin 7.1) (Version: 7.1 - ArchitektenInitiative e.V.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Markets-pro Trading Plattform (HKLM-x32\...\Markets-pro Trading Plattform) (Version: 1.0.0.0 - Information Internet)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}) (Version: 4.0.1679 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
MySQL Workbench 5.2 CE (HKLM-x32\...\{455D9FD3-2AB6-44E0-BF49-B9E13911401A}) (Version: 5.2.38 - Oracle Corporation)
NDAS-Software 3.20.1523 (64-bit Windows) (HKLM\...\{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}) (Version: 3.20.1523 - XIMETA, Inc.)
Netzwerkaufzeichnungs-Player (HKLM-x32\...\{77A9065F-823B-4CDD-B28B-F340B69B62E3}) (Version: 28.4.0.14953 - Cisco WebEx LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
P1670 Referenzhandbuch (HKLM-x32\...\P1670 Referenzhandbuch) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfforge Toolbar v6.6 (HKLM-x32\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
PS_AIO_03_C4340_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}) (Version: 1.1.240 - QUALCOMM)
Quicken 2011 - ServicePack 4 (HKLM-x32\...\{9DC1A9BA-070A-455F-8AC3-62587524ADFB}) (Version: 18.04.00.0123 - Haufe-Lexware GmbH & Co KG)
Quicken DELUXE 2004 (HKLM-x32\...\InstallShield_{00F115CE-9BDD-4729-9122-2476CD02856B}) (Version: 11.00.0000 - Lexware)
Quicken DELUXE 2004 (x32 Version: 11.00.0000 - Lexware) Hidden
Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server Jubiläumsversion (HKLM-x32\...\{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}) (Version: 20.30.00.0099 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Richtig_Kontieren_von_A_Z (HKLM-x32\...\{83F8B710-715B-47B6-AD4D-036280EC269B}) (Version: 16.0.0.0 - Haufe-Lexware GmbH & Co. KG)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
SketchUp 2014 (HKLM-x32\...\{D71C0CA7-A245-4CB7-A958-7DB3377602AE}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM-x32\...\SmartToolsFalz & Lochmarken-Assistentv7.00) (Version: v7.00 - SmartTools Publishing)
SmartTools Publishing • Word Sonderzeichen-Assistent (HKLM-x32\...\SmartToolsSonderzeichen-Assistentv2.00) (Version: v2.00 - SmartTools Publishing)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Softi FreeOCR (HKLM-x32\...\{ABBACAD2-4DAF-490E-932B-E330B33FCF98}) (Version: 2.6.0 - Softi Software)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.5.6 - Sony Ericsson Mobile Communications AB)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.28.138 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trader Workstation (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Trader Workstation) (Version:  - Interactive Brokers)
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TZ-EasyBuch Start  (HKLM-x32\...\TZ-EasyBuch Start) (Version:  - Thomas Zeh)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VCDS PCI 11.11 (HKLM-x32\...\VCDS PCI) (Version: PCI 11.11 - PCI Diagnosetechnik GmbH & Co. KG)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.108.29105 - Vodafone)
vtiger CRM Office Plug-in 5.0.4 (HKLM-x32\...\{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}) (Version:  - )
vtiger CRM Outlook plugin 2.1 (64-bit) (HKLM\...\vtiger CRM Outlook plugin 2.1 (64-bit)) (Version:  - Vtiger)
vtigercrm-5.3.0 (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\vtigercrm-5.3.0) (Version:  - )
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wertpapieranalyse 2011 (HKLM-x32\...\{F625701A-E55C-47B4-8FC0-52B4FFE306BB}) (Version: 1.00.0003 - Haufe-Lexware GmbH & Co. KG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP 1.7.1 (HKLM-x32\...\xampp) (Version:  - )
XBRL Tool (HKLM-x32\...\{53A2399A-7ECE-4717-9CD0-1C57FD35BBCA}) (Version: 1.9.0 - ITA Systemhaus GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) (HKLM-x32\...\XMLmind XML Editor_is1) (Version: 4.6.0 - XMLmind)
XMLServiceToolV2 (HKLM-x32\...\{0F72FEF7-6E87-49C5-AB0E-FBAFD0E00EF2}) (Version: 2.0.0 - Bundesanzeiger)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-04-2015 13:47:51 Removed PDF Architect
13-04-2015 11:48:42 Windows-Sicherung
13-04-2015 16:55:42 Removed WD My Cloud
13-04-2015 18:12:30 Installed WD Discovery
13-04-2015 18:19:39 WD SmartWare Installer
16-04-2015 09:15:07 Windows Update
16-04-2015 09:45:53 Installed Sonos Controller.
16-04-2015 11:31:08 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-18 12:24 - 00450771 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {06283FF5-567C-4E7B-902F-4E7A84945D32} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {08498D11-C830-45A6-80E4-B08EC8116490} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1900BDE0-6E60-458D-9BBD-788CDBC6BE8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1CDAC75A-A1BB-4D04-9630-64A18F451B58} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1D3A14F6-6594-4D40-A055-303C7DBB67DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {41DDAF3D-7352-4F37-8E87-8CB214F157FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {4872684A-CC41-4E96-90EE-23B6B7C308FE} - System32\Tasks\{F6F71C2E-4C20-44B7-9DDD-C0E18F922370} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {529BD07D-ACE0-4638-AA71-CA5A93B28ED8} - System32\Tasks\{4E98F3FB-7896-4058-BD13-823D6945B38F} => pcalua.exe -a "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE\SETUPW2K.EXE" -d "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE"
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {575A5CCE-D922-435E-8CE5-6B9A47BBA28B} - System32\Tasks\{7EE4D7BA-9010-475C-AD3D-4149B76B04A0} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {60AEE8DF-D87A-424E-8D37-F357C03B19B1} - System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC} => pcalua.exe -a C:\Users\kami\Downloads\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\kami\Desktop
Task: {64EE2590-8AD0-4CF8-9776-19F80B91032C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {768DF770-0874-4AAD-901E-3FEA36209A02} - System32\Tasks\{3FB10DA3-D217-4D1D-A771-73D471FA49B1} => pcalua.exe -a G:\BMW-Diagnose\LuPeDi-CD\VMware-player-4.0.1-528992.exe -d G:\BMW-Diagnose\LuPeDi-CD
Task: {76A33DD5-687B-4858-B2A4-EF9C08D5F959} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7B8CFA59-807A-4655-9875-EEDEC70E3777} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7F761247-E1AF-4456-9207-4A11B453F630} - System32\Tasks\{287FC240-3430-4628-A791-173374ACA4CF} => pcalua.exe -a "C:\VAIS GmbH\Equipment\Nikon Coolpix P500\F-P500-V11W.exe" -d "C:\VAIS GmbH\Equipment\Nikon Coolpix P500"
Task: {88A4FA0C-9E4A-4A24-977F-CE990BA1AA65} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CF46AA4-9CC9-4A74-A0F9-0F9E299AA524} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9D6B54ED-177F-47FF-B1EB-95D9CEDEAD34} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A57C7A01-277D-4D15-A4BA-CA7D721817C4} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B6886E16-78D2-4BA2-80D7-69A8EB0BF45A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B6C8C5F6-F6C7-45BA-9BFC-AF612B65BE58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {C4A17781-6F9D-4116-8E58-1B051E5EAF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {C720A7E1-77FD-4AEF-9B54-2E57F75F3D47} - System32\Tasks\{CBD9BC13-72E0-4024-900F-DB43F8C2D5BF} => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Task: {C9DEB7EB-7896-4346-80FA-0274F70206B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {E486B4CA-EE16-4464-BD4E-206BF5553C94} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E4A5226E-5589-477E-960D-4E7D79AB8FC9} - System32\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p => C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p.exe <==== ATTENTION
Task: {E9651246-1E99-43D6-9CC2-835C1554CE73} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E9BD553D-0254-4BBF-9838-026B9A4DD3D6} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {ED2C4FF2-1097-4757-B28C-B590AB00AB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F1174B2C-0522-44F4-ACB9-C9A13ED06D3B} - System32\Tasks\HPCeeScheduleForkami => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {F769D86F-0104-4FE3-9AE9-F4C5A98E43B5} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe [2006-11-08] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HnmIsEN3HeBGjmHRcutCSbAF6p.job => C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p.exe <==== ATTENTION
Task: C:\windows\Tasks\HPCeeScheduleForkami.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-23 00:29 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2013-08-23 00:29 - 2006-02-22 10:39 - 00020480 _____ () C:\windows\System32\FritzPort64.dll
2012-07-03 11:51 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2012-07-03 11:53 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2009-03-16 13:29 - 2009-03-16 13:29 - 06562432 _____ () c:\xampp\mysql\bin\mysqld.exe
2009-05-08 16:41 - 2009-05-08 16:41 - 05750784 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
2011-09-12 18:02 - 2011-09-12 18:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00073728 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-02-03 22:39 - 2010-04-21 10:59 - 00058880 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_x64.dll
2015-04-08 19:32 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () c:\xampp\apache\bin\zlib1.dll
2007-02-04 11:14 - 2007-02-04 11:14 - 00020687 _____ () C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () c:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () c:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () c:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () c:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () c:\xampp\apache\bin\pxlib.dll
2008-01-07 17:47 - 2008-01-07 17:47 - 00721095 _____ () C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll
2012-01-11 01:57 - 2012-01-11 01:57 - 00071024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00103792 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00032112 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00054640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00017264 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-01-11 01:50 - 2012-01-11 01:50 - 00832880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-01-11 01:50 - 2012-01-11 01:50 - 00161136 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00075120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00021360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00014192 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026480 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010608 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026992 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020336 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00140656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00058736 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011632 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00013680 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00341360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00012656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2010-10-14 06:38 - 2010-10-14 06:38 - 00583168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00271728 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () C:\xampp\apache\bin\zlib1.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () C:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () C:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () C:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () C:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () C:\xampp\apache\bin\pxlib.dll
2015-04-07 21:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-07 21:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-07 21:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2009-05-08 16:41 - 2009-05-08 16:41 - 02076672 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\LIBMYSQL.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00168280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2015-04-07 21:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-07 21:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-08 19:32 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-04-08 19:32 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2015-04-08 19:32 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2011-01-05 15:01 - 2011-01-05 15:01 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00012288 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00602624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00355328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00130048 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00136040 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00015360 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00014848 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 01601536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00311296 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00483328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00059904 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00195584 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00573440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00045056 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00005120 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00015872 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2011-03-08 05:44 - 2011-03-23 20:46 - 00466944 _____ () C:\Program Files (x86)\SmartTools\Word Falz & Lochmarken-Assistent\adxloader.dll
2013-12-05 13:08 - 2013-12-05 13:08 - 00495616 _____ () C:\Users\kami\AppData\Local\assembly\dl3\YNQE85JZ.M4J\VJ5OYTVX.MAE\9366e6d6\00f8b38e_8380c901\Interop.Word.DLL
2012-08-05 11:22 - 2011-05-07 03:53 - 00190836 _____ () C:\Program Files (x86)\SmartTools\Word Falz & Lochmarken-Assistent\STP_FuncLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kami\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2004 Zahlungserinnerung.lnk => C:\windows\pss\Quicken 2004 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== Accounts: =============================

Administrator (S-1-5-21-2479338598-3314396831-1710804073-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2479338598-3314396831-1710804073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2479338598-3314396831-1710804073-1004 - Limited - Enabled)
Hotel (S-1-5-21-2479338598-3314396831-1710804073-1007 - Limited - Enabled) => C:\Users\Hotel
kami (S-1-5-21-2479338598-3314396831-1710804073-1003 - Administrator - Enabled) => C:\Users\kami
RF (S-1-5-21-2479338598-3314396831-1710804073-1005 - Limited - Enabled) => C:\Users\RF
Sonos (S-1-5-21-2479338598-3314396831-1710804073-1016 - Limited - Enabled)
Vais (S-1-5-21-2479338598-3314396831-1710804073-1006 - Administrator - Enabled) => C:\Users\Vais

==================== Faulty Device Manager Devices =============

Name: YAC Ring3 Driver
Description: YAC Ring3 Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: iSafeKrnlR3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: YAC Kit Driver
Description: YAC Kit Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: iSafeKrnlKit
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2015 04:22:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.17296 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2fbc

Startzeit: 01d079e0bb1d060b

Endzeit: 26

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (04/18/2015 00:51:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDImmunize.exe, Version 2.4.40.130 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2634

Startzeit: 01d079bba02b7b6d

Endzeit: 1123

Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Berichts-ID: 2ea2100d-e5b8-11e4-8c29-70f395d12e69

Error: (04/18/2015 10:16:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/18/2015 10:16:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/18/2015 10:16:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/18/2015 10:10:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/18/2015 10:10:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/18/2015 01:47:17 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/17/2015 10:58:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/17/2015 10:58:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (04/18/2015 05:17:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (04/18/2015 05:04:31 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 05:04:31 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:22:20 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:22:20 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:10:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Haufe iDesk-Service in C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2015 04:09:47 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:09:47 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:06:17 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)

Error: (04/18/2015 04:06:17 PM) (Source: DCOM) (EventID: 10016) (User: Beta)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BetakamiS-1-5-21-2479338598-3314396831-1710804073-1003LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

NoMW! · 18.04.2015, 18:56

Matthias, ich kann heute wahrscheinlich nicht mehr antworten.

Gmer.txt:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-18 18:41:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\kami\AppData\Local\Temp\pxldqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\windows\System32\win32k.sys!W32pServiceTable                                                                                                           fffff96000124c00 7 bytes [00, 93, F3, FF, 41, A4, F0]
.text  C:\windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                       fffff96000124c08 3 bytes [00, 07, 02]

---- User code sections - GMER 2.1 ----

.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                        000000007729de30 6 bytes {JMP QWORD [RIP+0x8ea2200]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                 000000007729de40 6 bytes {JMP QWORD [RIP+0x8f021f0]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                           000000007729df00 6 bytes {JMP QWORD [RIP+0x8ee2130]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                         000000007729e120 6 bytes {JMP QWORD [RIP+0x8ec1f10]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                        000000007729e1d0 6 bytes {JMP QWORD [RIP+0x8e61e60]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                     000000007729e760 6 bytes {JMP QWORD [RIP+0x8e818d0]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   000000007729f100 6 bytes {JMP QWORD [RIP+0x8f20f30]}
.text  C:\windows\system32\taskhost.exe[2684] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                            000007fefd3fa6f5 3 bytes [15, 59, 05]
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                 000000007729de30 6 bytes {JMP QWORD [RIP+0x8ea2200]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                                                          000000007729de40 6 bytes {JMP QWORD [RIP+0x8f021f0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                    000000007729df00 6 bytes {JMP QWORD [RIP+0x8ee2130]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                  000000007729e120 6 bytes {JMP QWORD [RIP+0x8ec1f10]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                 000000007729e1d0 6 bytes {JMP QWORD [RIP+0x8e61e60]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                              000000007729e760 6 bytes {JMP QWORD [RIP+0x8e818d0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            000000007729f100 6 bytes {JMP QWORD [RIP+0x8f20f30]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                     000000007714dbc0 6 bytes {JMP QWORD [RIP+0x9092470]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                     000007fefd3fa6f5 3 bytes [15, 59, 05]
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiSetInternalUI                                                                                000007feed8d5c70 6 bytes {JMP QWORD [RIP+0x9da3c0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiInstallProductA                                                                              000007feed952ad4 2 bytes [FF, 25]
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiInstallProductA + 3                                                                          000007feed952ad7 3 bytes [D5, 91, 00]
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\msi.dll!MsiInstallProductW                                                                              000007feed96167c 6 bytes {JMP QWORD [RIP+0x92e9b4]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorA                                                                          000007fefaec7b34 6 bytes {JMP QWORD [RIP+0x884fc]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WINSPOOL.DRV!AddPrintProvidorW                                                                          000007fefaed03c0 6 bytes {JMP QWORD [RIP+0xcfc70]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!WSALookupServiceBeginW                                                                       000007fefe063030 6 bytes {JMP QWORD [RIP+0x158d000]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!connect + 1                                                                                  000007fefe0645c1 5 bytes {JMP QWORD [RIP+0x152ba70]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!listen                                                                                       000007fefe068290 6 bytes {JMP QWORD [RIP+0x1567da0]}
.text  C:\windows\Explorer.EXE[3100] C:\windows\system32\WS2_32.dll!WSAConnect                                                                                   000007fefe08e0f0 6 bytes {JMP QWORD [RIP+0x1521f40]}
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                          000000007744fc1c 3 bytes JMP 7178000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                      000000007744fc20 2 bytes JMP 7178000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                   000000007744fc34 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                               000000007744fc38 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                             000000007744fd60 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                         000000007744fd64 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                           00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                       00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                          00000000774501c0 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                      00000000774501c4 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                       0000000077450a40 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                   0000000077450a44 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                     000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                 0000000077451920 2 bytes [6B, 71]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                              0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                          0000000076413b97 2 bytes [68, 71]
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                              0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                0000000075ee575a 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!connect                                               0000000075ee6bdd 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!listen                                                0000000075eeb001 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text  C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE[8352] C:\windows\syswow64\WS2_32.dll!WSAConnect                                            0000000075eecc3f 6 bytes {JMP QWORD [RIP+0x71a1001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                           000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                       000000007744fc20 2 bytes [77, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                    000000007744fc34 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                000000007744fc38 2 bytes [6E, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                              000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                          000000007744fd64 2 bytes [71, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                            00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                        00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                           00000000774501c0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                       00000000774501c4 2 bytes [7D, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                        0000000077450a40 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                    0000000077450a44 2 bytes [7A, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                      000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                  0000000077451920 2 bytes [6B, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                               0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                           0000000076413b97 2 bytes [68, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                               0000000075ea2c9e 4 bytes {CALL QWORD [RIP+0x71af000a]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendMessageW                                           0000000076b09679 6 bytes {JMP QWORD [RIP+0x718c001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!PostMessageW                                           0000000076b112a5 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!PostMessageA                                           0000000076b13baa 6 bytes {JMP QWORD [RIP+0x7189001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!GetMenu + 412                                          0000000076b151dd 7 bytes JMP 000000011003ac50
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!PeekMessageA + 407                                     0000000076b1610b 7 bytes JMP 000000011003b000
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendMessageA                                           0000000076b1612e 6 bytes {JMP QWORD [RIP+0x718f001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131                       0000000076b1c6c1 7 bytes JMP 000000011003abc0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendInput                                              0000000076b2ff4a 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!SendInput + 4                                          0000000076b2ff4e 2 bytes [92, 71]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA + 199                              0000000076b5fc98 7 bytes JMP 000000011003af50
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW + 52                               0000000076b5fcd1 7 bytes JMP 000000011003adf0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!MessageBoxExA + 31                                     0000000076b5fcf5 7 bytes JMP 000000011003af00
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!mouse_event                                            0000000076b6027b 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[8548] C:\windows\syswow64\USER32.dll!keybd_event                                            0000000076b602bf 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text  C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe[8700] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                         0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe[8700] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                     0000000076413b97 2 bytes [7A, 71]
.text  C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe[9012] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                     000007fefd3fa6f5 3 bytes CALL 0
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                  000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4              000000007744fc20 2 bytes [89, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile           000000007744fc34 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4       000000007744fc38 2 bytes [80, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                     000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                 000000007744fd64 2 bytes [83, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                   00000000774500b0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4               00000000774500b4 2 bytes [86, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                  00000000774501c0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4              00000000774501c4 2 bytes [8F, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey               0000000077450a40 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4           0000000077450a44 2 bytes [8C, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread             000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4         0000000077451920 2 bytes [7D, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW      0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4  0000000076413b97 2 bytes [7A, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493      0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendMessageW                  0000000076b09679 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!PostMessageW                  0000000076b112a5 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!PostMessageA                  0000000076b13baa 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendMessageA                  0000000076b1612e 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendInput                     0000000076b2ff4a 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!SendInput + 4                 0000000076b2ff4e 2 bytes [A4, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!mouse_event                   0000000076b6027b 6 bytes {JMP QWORD [RIP+0x71aa001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[9176] C:\windows\syswow64\USER32.dll!keybd_event                   0000000076b602bf 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                           000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                       000000007744fc20 2 bytes [77, 71]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                    000000007744fc34 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                000000007744fc38 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                              000000007744fd60 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                          000000007744fd64 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                            00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                        00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                           00000000774501c0 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                       00000000774501c4 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                        0000000077450a40 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                    0000000077450a44 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                      000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                  0000000077451920 2 bytes [6B, 71]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                               0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                           0000000076413b97 2 bytes [68, 71]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                 0000000075ee575a 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!connect                                                0000000075ee6bdd 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!listen                                                 0000000075eeb001 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[9188] C:\windows\syswow64\WS2_32.dll!WSAConnect                                             0000000075eecc3f 6 bytes {JMP QWORD [RIP+0x71a1001e]}
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                     000000007744fc1c 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                 000000007744fc20 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                              000000007744fc34 3 bytes JMP 7166000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                          000000007744fc38 2 bytes JMP 7166000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                        000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                    000000007744fd64 2 bytes [68, 71]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                      00000000774500b0 3 bytes JMP 716c000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                  00000000774500b4 2 bytes JMP 716c000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                     00000000774501c0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                 00000000774501c4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                  0000000077450a40 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                              0000000077450a44 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                            0000000077451920 2 bytes [62, 71]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                         0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                     0000000076413b97 2 bytes [5F, 71]
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                           0000000075ee575a 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!connect                                          0000000075ee6bdd 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!listen                                           0000000075eeb001 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text  C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1664] C:\windows\syswow64\WS2_32.dll!WSAConnect                                       0000000075eecc3f 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                        000000007744fc1c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                    000000007744fc20 2 bytes [89, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                 000000007744fc34 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                             000000007744fc38 2 bytes [80, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                           000000007744fd60 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                       000000007744fd64 2 bytes [83, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                         00000000774500b0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                     00000000774500b4 2 bytes [86, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                        00000000774501c0 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                    00000000774501c4 2 bytes [8F, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                     0000000077450a40 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                 0000000077450a44 2 bytes [8C, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                   000000007745191c 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                               0000000077451920 2 bytes [7D, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW                            0000000076413b93 3 bytes [FF, 25, 1E]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4                        0000000076413b97 2 bytes [7A, 71]
.text  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe[10192] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                            0000000075ea2c9e 4 bytes {CALL QWORD [RIP+0x71af000a]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               000000007729de30 6 bytes {JMP QWORD [RIP+0x8ea2200]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationFile                                        000000007729de40 6 bytes {JMP QWORD [RIP+0x8f021f0]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile                                                  000000007729df00 6 bytes {JMP QWORD [RIP+0x8ee2130]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                000000007729e120 6 bytes {JMP QWORD [RIP+0x8ec1f10]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                               000000007729e1d0 6 bytes {JMP QWORD [RIP+0x8e61e60]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                            000000007729e760 6 bytes {JMP QWORD [RIP+0x8e818d0]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          000000007729f100 6 bytes {JMP QWORD [RIP+0x8f20f30]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                   000000007714dbc0 6 bytes {JMP QWORD [RIP+0x9092470]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                   000007fefd3fa6f5 3 bytes [15, 59, 49]
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!WSALookupServiceBeginW                                     000007fefe063030 6 bytes {JMP QWORD [RIP+0x158d000]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!connect + 1                                                000007fefe0645c1 5 bytes {JMP QWORD [RIP+0x152ba70]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!listen                                                     000007fefe068290 6 bytes {JMP QWORD [RIP+0x1567da0]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\WS2_32.dll!WSAConnect                                                 000007fefe08e0f0 6 bytes {JMP QWORD [RIP+0x1521f40]}
.text  C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[7176] C:\windows\system32\RASAPI32.dll!RasDialW + 1                                             000007fefa8a96f5 5 bytes {JMP QWORD [RIP+0x7693c]}
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                              000000007744fc1c 3 bytes JMP 7178000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                          000000007744fc20 2 bytes JMP 7178000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                       000000007744fc34 3 bytes JMP 716f000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                   000000007744fc38 2 bytes JMP 716f000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                 000000007744fd60 3 bytes JMP 7172000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                             000000007744fd64 2 bytes JMP 7172000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                               00000000774500b0 3 bytes JMP 7175000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                           00000000774500b4 2 bytes JMP 7175000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                              00000000774501c0 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                          00000000774501c4 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                           0000000077450a40 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                       0000000077450a44 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                         000000007745191c 3 bytes JMP 716c000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                     0000000077451920 2 bytes JMP 716c000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                                  0000000076413b93 3 bytes JMP 7169000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                              0000000076413b97 2 bytes JMP 7169000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                  0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendMessageW                                              0000000076b09679 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!PostMessageW                                              0000000076b112a5 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!PostMessageA                                              0000000076b13baa 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendMessageA                                              0000000076b1612e 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendInput                                                 0000000076b2ff4a 3 bytes JMP 7193000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!SendInput + 4                                             0000000076b2ff4e 2 bytes JMP 7193000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!mouse_event                                               0000000076b6027b 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\USER32.dll!keybd_event                                               0000000076b602bf 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                          0000000076a170c4 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                          0000000076a33264 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!WSALookupServiceBeginW                                    0000000075ee575a 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!connect                                                   0000000075ee6bdd 6 bytes JMP 71a5000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!listen                                                    0000000075eeb001 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\WS2_32.dll!WSAConnect                                                0000000075eecc3f 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                  0000000075211401 2 bytes JMP 7642b1ef C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                    0000000075211419 2 bytes JMP 7642b31a C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                  0000000075211431 2 bytes JMP 764a8f09 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                  000000007521144a 2 bytes CALL 76404885 C:\windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                     00000000752114dd 2 bytes JMP 764a8802 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                              00000000752114f5 2 bytes JMP 764a89d8 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                     000000007521150d 2 bytes JMP 764a86f8 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                              0000000075211525 2 bytes JMP 764a8ac2 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                    000000007521153d 2 bytes JMP 7641fc78 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                         0000000075211555 2 bytes JMP 764268bf C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                  000000007521156d 2 bytes JMP 764a8fc1 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                    0000000075211585 2 bytes JMP 764a8b22 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                       000000007521159d 2 bytes JMP 764a86bc C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                    00000000752115b5 2 bytes JMP 7641fd11 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                  00000000752115cd 2 bytes JMP 7642b2b0 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                              00000000752116b2 2 bytes JMP 764a8e84 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[13044] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                              00000000752116bd 2 bytes JMP 764a8651 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                         000000007744fc1c 3 bytes JMP 718a000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                     000000007744fc20 2 bytes JMP 718a000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                  000000007744fc34 3 bytes JMP 7181000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4              000000007744fc38 2 bytes JMP 7181000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                            000000007744fd60 3 bytes JMP 7184000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                        000000007744fd64 2 bytes JMP 7184000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                          00000000774500b0 3 bytes JMP 7187000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                      00000000774500b4 2 bytes JMP 7187000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                         00000000774501c0 3 bytes JMP 7190000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                     00000000774501c4 2 bytes JMP 7190000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                      0000000077450a40 3 bytes JMP 718d000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                  0000000077450a44 2 bytes JMP 718d000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                    000000007745191c 3 bytes JMP 717e000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                0000000077451920 2 bytes JMP 717e000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW             0000000076413b93 3 bytes JMP 717b000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4         0000000076413b97 2 bytes JMP 717b000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493             0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendMessageW                         0000000076b09679 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!PostMessageW                         0000000076b112a5 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!PostMessageA                         0000000076b13baa 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendMessageA                         0000000076b1612e 6 bytes JMP 71a2000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendInput                            0000000076b2ff4a 3 bytes JMP 71a5000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!SendInput + 4                        0000000076b2ff4e 2 bytes JMP 71a5000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!mouse_event                          0000000076b6027b 6 bytes JMP 71ab000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\USER32.dll!keybd_event                          0000000076b602bf 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                     0000000076a170c4 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[8536] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                     0000000076a33264 6 bytes JMP 7196000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                   000000007744fc1c 3 bytes JMP 718a000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                               000000007744fc20 2 bytes JMP 718a000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                            000000007744fc34 3 bytes JMP 7181000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                        000000007744fc38 2 bytes JMP 7181000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                      000000007744fd60 3 bytes JMP 7184000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                  000000007744fd64 2 bytes JMP 7184000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                    00000000774500b0 3 bytes JMP 7187000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                00000000774500b4 2 bytes JMP 7187000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                   00000000774501c0 3 bytes JMP 7190000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                               00000000774501c4 2 bytes JMP 7190000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                0000000077450a40 3 bytes JMP 718d000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                            0000000077450a44 2 bytes JMP 718d000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                                              000000007745191c 3 bytes JMP 717e000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                          0000000077451920 2 bytes JMP 717e000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                                                       0000000076413b93 3 bytes JMP 717b000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                                   0000000076413b97 2 bytes JMP 717b000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                       0000000075ea2c9e 4 bytes CALL 71af0000
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendMessageW                                                                   0000000076b09679 6 bytes JMP 719f000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!PostMessageW                                                                   0000000076b112a5 6 bytes JMP 7199000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!PostMessageA                                                                   0000000076b13baa 6 bytes JMP 719c000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendMessageA                                                                   0000000076b1612e 6 bytes JMP 71a2000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendInput                                                                      0000000076b2ff4a 3 bytes JMP 71a5000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!SendInput + 4                                                                  0000000076b2ff4e 2 bytes JMP 71a5000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!mouse_event                                                                    0000000076b6027b 6 bytes JMP 71ab000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\USER32.dll!keybd_event                                                                    0000000076b602bf 6 bytes JMP 71a8000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                               0000000076a170c4 6 bytes JMP 7193000a
.text  C:\Users\kami\Desktop\Gmer-19357.exe[11964] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                               0000000076a33264 6 bytes JMP 7196000a

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69@001891615130                                                                  0x4E 0xF5 0x71 0xF9 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69@001a45be5960                                                                  0xA1 0xA9 0x4D 0x66 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395d12e69@0016b8f80bac                                                                  0xC0 0x21 0xB3 0x59 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69 (not active ControlSet)                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69@001891615130                                                                      0x4E 0xF5 0x71 0xF9 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69@001a45be5960                                                                      0xA1 0xA9 0x4D 0x66 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395d12e69@0016b8f80bac                                                                      0xC0 0x21 0xB3 0x59 ...

---- EOF - GMER 2.1 ----

M-K-D-B · 18.04.2015, 20:53

Servus,

wir beginnen mit ComboFix:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

NoMW! · 18.04.2015, 23:02

Hallo Matthias,

McAffee schickt ComboFix.exe sofort in Quarantäne, weil er den Trojaner Artemis!D84537E13089 erkannt haben will. Ist dieser Link hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe der Richtige.
Muss ich den Virenscanner vorher deaktivieren?

Viele Grüße

M-K-D-B · 19.04.2015, 11:42

Zitat:

Zitat von NoMW!

McAffee schickt ComboFix.exe sofort in Quarantäne, weil er den Trojaner Artemis!D84537E13089 erkannt haben will. Ist dieser Link hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe der Richtige.
Muss ich den Virenscanner vorher deaktivieren?

Ja, bitte den Virenscanner vorher deaktivieren.
Das ist nämlich ein Fehlalarm von McAfee.

NoMW! · 19.04.2015, 12:56

Hallo Matthias,

ich finde es großartig, dass du dich auch am Sonntag mit meinem Problem befasst.

Das Programm hat moniert, dass Spybot noch aktiv war. Da ich nicht herausfand, wie er zu deaktivieren ist, habe ich ihn deinstalliert. Jedoch keinen Restart durchgeführt.

Code:

ATTFilter

ComboFix 15-04-16.01 - kami 19.04.2015  13:15:45.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.5935.2117 [GMT 2:00]
ausgeführt von:: c:\users\kami\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\programdata\1&1
c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml
C:\Thumbs.db
c:\users\kami\AppData\Local\assembly\tmp
c:\users\kami\AppData\Roaming\1&1
c:\users\kami\AppData\Roaming\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\users\kami\AppData\Roaming\Microsoft\Windows\Recent\Rechnung_Hornbach_7201808198_140213_red.pdf
c:\windows\IsUn0407.exe
c:\windows\ST6UNST.000
c:\windows\wininit.ini
G:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-19 bis 2015-04-19  ))))))))))))))))))))))))))))))
.
.
2015-04-19 11:30 . 2015-04-19 11:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-18 15:09 . 2015-04-18 16:05	--------	d-----w-	C:\FRST
2015-04-16 07:47 . 2015-04-16 07:47	--------	d-----w-	c:\program files (x86)\Sonos
2015-04-16 07:33 . 2015-03-23 03:24	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-04-16 07:32 . 2015-03-17 05:22	5557696	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-04-16 07:31 . 2015-04-18 08:46	--------	d-----w-	c:\programdata\Sonos,_Inc
2015-04-16 07:30 . 2015-03-10 03:25	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-04-16 07:30 . 2015-03-10 03:08	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-04-16 07:30 . 2015-03-10 03:21	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-04-16 07:30 . 2015-03-10 03:05	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-04-16 07:29 . 2015-02-25 03:18	754688	----a-w-	c:\windows\system32\drivers\http.sys
2015-04-16 07:19 . 2015-04-16 07:19	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-04-14 10:15 . 2015-04-14 10:15	--------	d-----w-	c:\users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 10:03 . 2015-04-14 10:03	--------	d-----w-	c:\users\kami\AppData\Roaming\WDC
2015-04-14 10:02 . 2015-04-16 07:17	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-13 20:52 . 2015-04-13 20:52	--------	d-----w-	c:\programdata\launcher
2015-04-13 20:21 . 2015-04-13 20:21	--------	d-----w-	c:\programdata\rmbwizard
2015-04-13 16:29 . 2015-04-13 17:32	--------	d-----w-	c:\users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 16:20 . 2015-04-13 16:20	--------	d-----w-	c:\program files\Western Digital
2015-04-13 16:20 . 2015-04-13 16:20	--------	d-----w-	c:\program files\Common Files\Western Digital
2015-04-13 16:13 . 2015-04-14 10:15	--------	d-----w-	c:\program files (x86)\Western Digital
2015-04-13 16:13 . 2015-04-13 16:13	--------	d-----w-	c:\program files (x86)\Common Files\Western Digital
2015-04-13 10:24 . 2015-04-13 14:12	--------	d-----w-	c:\program files (x86)\PDF24
2015-04-13 09:58 . 2015-04-13 09:58	--------	d-----w-	c:\program files (x86)\Glarysoft
2015-04-11 18:08 . 2015-04-11 18:08	--------	d-----w-	c:\program files\Bonjour Print Services
2015-04-11 18:02 . 2015-04-13 16:20	--------	d-----w-	c:\programdata\Western Digital
2015-04-11 17:33 . 2015-04-13 16:29	--------	d-----w-	c:\users\kami\AppData\Local\Western Digital
2015-04-10 09:35 . 2015-04-10 09:35	--------	d-----w-	c:\users\kami\Neuer Ordner
2015-04-09 23:59 . 2015-04-09 23:59	--------	d-----w-	c:\program files\Paragon Software
2015-04-09 23:54 . 2015-04-09 23:54	--------	d-----w-	c:\programdata\explauncher
2015-04-09 19:03 . 2015-04-09 19:03	--------	d-----w-	c:\programdata\Emsisoft
2015-04-09 00:29 . 2015-04-09 00:29	--------	d-----w-	c:\program files (x86)\Avira
2015-04-08 23:55 . 2015-04-16 07:17	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-08 23:55 . 2015-04-16 07:17	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-08 23:22 . 2015-04-19 08:01	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2015-04-08 23:13 . 2015-04-09 07:12	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-08 23:08 . 2015-04-08 23:44	--------	d-----w-	c:\users\kami\Entmister-SW
2015-04-08 17:32 . 2015-04-08 17:32	--------	d-----w-	c:\programdata\Sony
2015-04-08 13:16 . 2015-04-08 13:16	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2015-04-08 07:38 . 2015-04-08 07:38	--------	d-----w-	c:\users\kami\VirtualBox VMs
2015-04-08 07:27 . 2015-04-13 14:03	--------	d-----w-	c:\users\kami\.VirtualBox
2015-04-08 07:25 . 2015-03-16 15:36	922704	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2015-04-08 07:24 . 2015-03-16 15:35	128592	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2015-04-08 07:24 . 2015-04-08 07:24	--------	d-----w-	c:\program files\Oracle
2015-04-08 00:22 . 2015-04-08 00:22	--------	d-----w-	c:\users\kami\AppData\Local\BVRP Software
2015-04-07 19:15 . 2015-04-19 11:12	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-04-07 19:15 . 2015-04-19 11:12	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-04-07 19:09 . 2015-04-07 19:14	--------	d-----w-	c:\program files\CCleaner
2015-04-07 18:20 . 2015-04-07 18:41	--------	d-----w-	c:\programdata\HitmanPro
2015-04-06 11:21 . 2015-04-07 09:36	--------	d-----w-	c:\windows\system32\log
2015-04-04 10:49 . 2015-04-04 10:49	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-04 10:49 . 2015-04-04 10:49	--------	d-s---w-	c:\windows\system32\GWX
2015-04-03 01:31 . 2015-04-03 01:31	--------	d-----w-	c:\users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 01:31 . 2015-03-12 09:59	373864	----a-w-	c:\windows\system32\LavasoftTcpService64.dll
2015-04-03 01:31 . 2015-03-12 09:58	326288	----a-w-	c:\windows\SysWow64\LavasoftTcpService.dll
2015-04-02 20:13 . 2015-04-19 09:28	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-02 20:12 . 2015-04-02 20:12	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-04-02 20:12 . 2015-04-02 20:12	--------	d-----w-	c:\programdata\Malwarebytes
2015-04-02 20:12 . 2015-03-17 04:15	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-02 20:12 . 2015-03-17 04:15	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-02 20:12 . 2015-03-17 04:15	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-18 15:19 . 2013-08-20 20:07	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-04-18 15:19 . 2013-08-20 20:07	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-04-18 15:19 . 2013-08-06 16:23	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-04-16 07:34 . 2010-12-05 16:07	128913832	----a-w-	c:\windows\system32\MRT.exe
2015-04-13 14:37 . 2013-08-06 16:23	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-04-13 14:37 . 2013-08-06 16:23	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-04-12 10:53 . 2013-08-20 20:07	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-03-17 04:56 . 2015-04-16 07:32	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-16 15:35 . 2015-03-16 15:35	204264	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2015-03-16 15:35 . 2015-03-16 15:35	156360	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2015-03-16 15:35 . 2015-03-16 15:35	141440	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2015-02-26 03:25 . 2015-03-11 08:57	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-20 04:41 . 2015-03-11 08:59	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 08:59	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 08:59	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 08:59	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 08:59	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 08:59	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 08:59	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 08:59	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 08:59	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 08:59	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04	1202848	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 08:57	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-04 10:23 . 2015-02-04 10:23	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13	869536	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 08:55	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 08:55	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 08:58	693176	----a-w-	c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 08:58	94656	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 08:58	616360	----a-w-	c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 08:59	14632960	----a-w-	c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 08:59	782848	----a-w-	c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 08:58	229376	----a-w-	c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 08:57	1424896	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 08:57	215552	----a-w-	c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 08:58	5120	----a-w-	c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 08:58	5120	----a-w-	c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 08:58	63488	----a-w-	c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 08:59	1574400	----a-w-	c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 08:58	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 08:58	371712	----a-w-	c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 08:58	188416	----a-w-	c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 08:58	37376	----a-w-	c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 08:58	9728	----a-w-	c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 08:58	641024	----a-w-	c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 08:58	325632	----a-w-	c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 08:58	11264	----a-w-	c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 08:58	432128	----a-w-	c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 08:58	4121600	----a-w-	c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 08:58	206848	----a-w-	c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 08:59	631808	----a-w-	c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 08:58	284672	----a-w-	c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 08:59	1202176	----a-w-	c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 08:59	497664	----a-w-	c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 08:59	1480192	----a-w-	c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 08:58	1069056	----a-w-	c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 08:58	82432	----a-w-	c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 08:58	140288	----a-w-	c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 08:58	187904	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 08:59	842240	----a-w-	c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 08:58	680960	----a-w-	c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 08:58	296448	----a-w-	c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 08:58	440832	----a-w-	c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 08:58	32256	----a-w-	c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 08:58	58880	----a-w-	c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 08:58	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 08:58	9728	----a-w-	c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 08:58	11264	----a-w-	c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 08:58	24576	----a-w-	c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 08:58	126464	----a-w-	c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 08:58	146944	----a-w-	c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 08:58	17920	----a-w-	c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 08:58	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 08:58	8704	----a-w-	c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 08:58	2048	----a-w-	c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 08:59	663552	----a-w-	c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 08:59	617984	----a-w-	c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 08:58	179200	----a-w-	c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 08:57	1230848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 08:57	171520	----a-w-	c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 08:58	4096	----a-w-	c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 08:58	4096	----a-w-	c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 08:58	1329664	----a-w-	c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 08:58	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 08:58	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 08:58	8192	----a-w-	c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 08:58	504320	----a-w-	c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 08:58	265216	----a-w-	c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 08:59	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 08:58	354816	----a-w-	c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 08:58	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 08:58	489984	----a-w-	c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 08:59	988160	----a-w-	c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 08:59	406016	----a-w-	c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 08:59	1174528	----a-w-	c:\windows\SysWow64\crypt32.dll
2015-02-03 03:12 . 2015-03-11 08:58	1005056	----a-w-	c:\windows\SysWow64\cryptui.dll
2015-02-03 03:12 . 2015-03-11 08:58	81408	----a-w-	c:\windows\SysWow64\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 08:58	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2015-02-03 03:12 . 2015-03-11 08:58	143872	----a-w-	c:\windows\SysWow64\cryptsvc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:47	868352	----a-w-	c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"1&1_1&1 Office-Drive Manager"="c:\program files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" [2012-09-24 993392]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-11-27 466144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Connection Manager.exe"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2010-03-13 1119048]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-02-12 5564784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]
"{90120000-0017-0000-0000-0000000FF1CE}"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-2-4 1726976]
Image Transfer.lnk - c:\program files (x86)\Sony Corporation\Image Transfer\SonyTray.exe [2011-3-29 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
Quicken Jubiläumsversion Zahlungserinnerung.lnk - c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe [2012-7-11 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
R1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
R1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vtigercrmMysql530;vtigercrmMysql530;c:\program files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt --defaults-file=c:\program files (x86)\vtigercrm-5.3.0\mysql\my.ini vtigercrmMysql530;c:\program files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt --defaults-file=c:\program files (x86)\vtigercrm-5.3.0\mysql\my.ini vtigercrmMysql530 [x]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe;c:\xampp\service.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 BioNTDrv;BioNTDrv;c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS;c:\program files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS;c:\windows\SYSNATIVE\DRIVERS\PA707UCM.SYS [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys;c:\windows\SYSNATIVE\drivers\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfat.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 RsvLock;RsvLock; [x]
S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys;c:\windows\SYSNATIVE\DRIVERS\ui11drdr.sys [x]
S1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\DRIVERS\uim_devim.sys;c:\windows\SYSNATIVE\DRIVERS\uim_devim.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HRService;Haufe iDesk-Service in c:\program files (x86)\Haufe\iDesk\iDeskService\Zope;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\MCAFEE\MSC\MCAPEXE.EXE;c:\program files\MCAFEE\MSC\MCAPEXE.EXE [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SMManager;HP Connection Manager Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 vtigercrmApache530;vtigercrmApache530;c:\program files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe;c:\program files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfilterhp2k.sys [x]
S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys;c:\windows\SYSNATIVE\DRIVERS\qcombushp.sys [x]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnethp2k.sys [x]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserhp2k.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 10:46	454176	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-08 07:17]
.
2015-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:46]
.
2015-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:46]
.
2015-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 09:46]
.
2015-04-18 c:\windows\Tasks\HPCeeScheduleForkami.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:48	944128	----a-w-	c:\program files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\kami\AppData\Local\Temp\ie_script.htm
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: NameServer = 192.168.178.1
TCP: Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}\44865696D6E4F6274613D234: NameServer = 192.168.178.1
TCP: Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: NameServer = 192.168.178.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Wow6432Node-HKU-Default-Run-GarminExpressTrayApp - c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{5CCF8330-F742-411A-8A04-719806D168B5} - msiexec
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-Onboard - c:\program files\Western Digital\WD SmartWare\BackupTask.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
AddRemove-vtigercrm-5.3.0 - c:\vais gmbh\CRM\vtigercrm-5.3.0\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vtigercrmMysql530]
"ImagePath"="\"c:\program files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files (x86)\vtigercrm-5.3.0\mysql\my.ini\" vtigercrmMysql530"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸\XÈ^*]
@="?\\?^"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸“*]
@="??"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\(g*]
@="?g"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Hsc*PKx*]
@="?c?x"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸uc*]
@="?c"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸uc*Â^*]
@="?c?^"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆwd*ðUa*]
@="?d?a"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\(xc*]
@="?c"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\(xc*PKx*]
@="?c?x"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Àxd**¼a*]
@="?d?a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-19  13:35:55
ComboFix-quarantined-files.txt  2015-04-19 11:35
.
Vor Suchlauf: 45 Verzeichnis(se), 100.407.566.336 Bytes frei
Nach Suchlauf: 53 Verzeichnis(se), 100.163.768.320 Bytes frei
.
- - End Of File - - 5377157AA4FC1CF5FA41DFCC136BEDC8
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B · 19.04.2015, 13:19

Servus,

gut gemacht.

So geht es weiter:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

NoMW! · 19.04.2015, 23:43

Hallo Matthias,

vielen Dank für die ausführliche Anleitung. Es ist alles gut durchgelaufen bis auf FRST.exe. Da blieb das Fenster wieder 2x mit der FM "Getting Office Sessions errors: 4131 stehen. Die txt-Dateien wurden aber erzeugt.

Ich wünsche dir einen guten Start in die neue Woche.

Gruß
Karl

Schritt 1:

Code:

ATTFilter

# AdwCleaner v4.201 - Bericht erstellt 19/04/2015 um 22:27:06
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-19.4 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : kami - BETA
# Gestarted von : C:\Users\kami\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : iSafeKrnlBoot
[#] Dienst Gelöscht : iSafeKrnlKit
[#] Dienst Gelöscht : iSafeKrnlMon
[#] Dienst Gelöscht : iSafeKrnlR3

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\kami\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\o0kjmvy6.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\o0kjmvy6.default\searchplugins\11-suche.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Local AppWizard-Generated Applications
Schlüssel Gelöscht : HKLM\SOFTWARE\Elex-tech
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Elex-tech

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17296


-\\ Mozilla Firefox v37.0.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [89123 Bytes] - [30/12/2013 15:56:07]
AdwCleaner[R1].txt - [10702 Bytes] - [27/08/2014 11:08:06]
AdwCleaner[R2].txt - [9275 Bytes] - [02/04/2015 19:00:51]
AdwCleaner[R3].txt - [9351 Bytes] - [02/04/2015 21:06:24]
AdwCleaner[R4].txt - [9407 Bytes] - [02/04/2015 21:15:07]
AdwCleaner[R5].txt - [1455 Bytes] - [02/04/2015 21:55:14]
AdwCleaner[R6].txt - [2944 Bytes] - [07/04/2015 11:32:15]
AdwCleaner[R7].txt - [2595 Bytes] - [19/04/2015 22:03:20]
AdwCleaner[S0].txt - [86279 Bytes] - [30/12/2013 15:59:16]
AdwCleaner[S1].txt - [10265 Bytes] - [27/08/2014 11:13:02]
AdwCleaner[S2].txt - [9313 Bytes] - [02/04/2015 21:39:15]
AdwCleaner[S3].txt - [2820 Bytes] - [07/04/2015 11:34:59]
AdwCleaner[S4].txt - [2282 Bytes] - [19/04/2015 22:27:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2341  Bytes] ##########

Schritt 2:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 22:40:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: kami

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 595005
Verstrichene Zeit: 36 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Schritt 3:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows 7 Professional x64
Ran by kami on 19.04.2015 at 23:34:01,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{c3c77255-42c0-499f-b664-6e981a0b1647}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\kami\AppData\Roaming\getrighttogo
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{13061807-DBAA-4FC1-A714-07CBEF1EAB22}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{1B4E616E-9EF9-4711-8D1C-7576B35C1412}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{3A2E388D-7420-4BEA-BAAD-8FDC2A22511F}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{405111D2-E336-4C6D-ABD7-9CABAA0BE822}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{56EE0AB5-DB26-4410-9F71-C953B35C29B3}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{8C5DC509-7EA5-4DC7-95E7-F3DB27346B9B}
Successfully deleted: [Empty Folder] C:\Users\kami\appdata\local\{D13E9120-FE5C-4831-B480-D193789502AD}





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2015 at 23:37:18,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schritt 4_FRST.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by kami (administrator) on BETA on 19-04-2015 23:56:34
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C-Dilla Ltd) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [1&1_1&1 Office-Drive Manager] => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE [993392 2012-09-24] (1&1 Internet AG)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-0017-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer.lnk
ShortcutTarget: Image Transfer.lnk -> C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (1&1 Internet AG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL (1&1 Internet AG)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = 
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler: haufereader - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2010-11-01] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-10-22] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2011-04-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-11]
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-27]
CHR Extension: (Google Wallet) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
S2 Apache2.2; c:\xampp\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 C-DillaCdaC11BA; C:\windows\SysWOW64\drivers\CDAC11BA.EXE [39936 2010-12-14] (C-Dilla Ltd) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
S2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2012-01-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\PROGRAM FILES\MCAFEE\MSC\MCAPEXE.EXE [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mysql; c:\xampp\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
S2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [376808 2007-06-29] (XIMETA, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.)
S2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]
S2 vtigercrmApache530; C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [20541 2009-05-08] (Apache Software Foundation) [File not signed]
S2 vtigercrmMysql530; C:\Program Files (x86)\vtigercrm-5.3.0\mysql\my.ini [2994 2012-02-14] () [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XAMPP; c:\xampp\service.exe [60928 2007-12-21] () [File not signed]
S2 HPSLPSVC; C:\Users\kami\AppData\Local\Temp\7zS03A3\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-01] (Google Inc)
S3 BioNTDrv; C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-04-09] (Bytemobile, Inc.) [File not signed]
S2 CdaC15BA; C:\windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-01-05] () [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [419840 2010-12-31] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [339944 2007-06-29] (XIMETA, Inc.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 lpx; C:\Windows\System32\DRIVERS\lpx.sys [97256 2007-06-29] (XIMETA, Inc.)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R3 ndasbus; C:\Windows\System32\DRIVERS\ndasbus.sys [108520 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\windows\system32\DRIVERS\ndasfat.sys [537064 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\DRIVERS\ndasscsi.sys [235496 2007-06-29] (XIMETA, Inc.)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
R3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-01-19] ()
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2011-04-09] (Bytemobile, Inc.) [File not signed]
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 23:54 - 2015-04-19 23:54 - 00001866 _____ () C:\Users\kami\Desktop\JRT_1.txt
2015-04-19 23:37 - 2015-04-19 23:37 - 00001866 _____ () C:\Users\kami\Desktop\JRT.txt
2015-04-19 23:34 - 2015-04-19 23:34 - 00000207 _____ () C:\windows\tweaking.com-regbackup-BETA-Windows-7-Professional-(64-bit).dat
2015-04-19 23:34 - 2015-04-19 23:34 - 00000000 ____D () C:\RegBackup
2015-04-19 23:32 - 2015-04-19 23:32 - 00001206 _____ () C:\Users\kami\Desktop\mbam.txt
2015-04-19 22:40 - 2015-04-19 22:40 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 22:40 - 2015-04-19 22:40 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-19 22:40 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-19 22:37 - 2015-04-19 22:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\kami\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-19 22:36 - 2015-04-19 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-19 22:32 - 2015-04-19 22:32 - 00002421 _____ () C:\Users\kami\Desktop\AdwCleaner[S4].txt
2015-04-19 21:55 - 2015-04-19 21:55 - 02686254 _____ (Thisisu) C:\Users\kami\Desktop\JRT.exe
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\Users\kami\AppData\Roaming\1&1
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\ProgramData\1&1
2015-04-19 13:35 - 2015-04-19 13:35 - 00052136 _____ () C:\ComboFix.txt
2015-04-19 13:12 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 13:12 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 13:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 13:08 - 2015-04-19 13:36 - 00000000 ____D () C:\Qoobox
2015-04-19 13:07 - 2015-04-19 13:32 - 00000000 ____D () C:\windows\erdnt
2015-04-19 10:45 - 2015-04-19 10:45 - 02217984 _____ () C:\Users\kami\Desktop\AdwCleaner_4.201.exe
2015-04-18 18:51 - 2015-04-18 18:51 - 00000000 ____D () C:\Users\kami\Documents\ProcAlyzer Dumps
2015-04-18 18:41 - 2015-04-18 18:41 - 00059728 _____ () C:\Users\kami\Desktop\Gmer.txt
2015-04-18 18:05 - 2015-04-18 18:05 - 00092155 _____ () C:\Users\kami\Desktop\FRST_a.txt
2015-04-18 18:00 - 2015-04-18 18:00 - 00000000 ____D () C:\Users\kami\Desktop\FRST-OlderVersion
2015-04-18 17:23 - 2015-04-18 17:23 - 00380416 _____ () C:\Users\kami\Desktop\Gmer-19357.exe
2015-04-18 17:11 - 2015-04-19 23:53 - 00058080 _____ () C:\Users\kami\Desktop\Addition.txt
2015-04-18 17:09 - 2015-04-19 23:56 - 00030359 _____ () C:\Users\kami\Desktop\FRST.txt
2015-04-18 17:09 - 2015-04-19 23:56 - 00000000 ____D () C:\FRST
2015-04-18 17:07 - 2015-04-18 17:08 - 00000470 _____ () C:\Users\kami\Desktop\defogger_disable.log
2015-04-18 17:07 - 2015-04-18 17:07 - 00000000 _____ () C:\Users\kami\defogger_reenable
2015-04-18 17:05 - 2015-04-18 17:05 - 00050477 _____ () C:\Users\kami\Downloads\Defogger.exe
2015-04-18 12:24 - 2015-04-18 11:52 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-122415.backup
2015-04-17 18:03 - 2015-04-17 18:03 - 00050477 _____ () C:\Users\kami\Desktop\Defogger.exe
2015-04-17 13:03 - 2015-04-18 18:00 - 02098176 _____ (Farbar) C:\Users\kami\Desktop\FRST64.exe
2015-04-17 11:08 - 2015-04-18 11:49 - 00001983 _____ () C:\Users\kami\Desktop\Malware@firefox.txt
2015-04-16 12:20 - 2015-04-19 23:35 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-04-16 09:47 - 2015-04-16 09:47 - 00001947 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-16 09:34 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-16 09:34 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-16 09:34 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-16 09:34 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-16 09:34 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-16 09:33 - 2015-03-10 07:29 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-16 09:33 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 02656256 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 07:26 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-16 09:33 - 2015-03-10 05:32 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-16 09:33 - 2015-03-10 04:42 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-16 09:33 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-16 09:33 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-16 09:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-16 09:32 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-16 09:32 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-16 09:32 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-16 09:32 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-16 09:32 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-16 09:32 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-16 09:32 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-16 09:32 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:31 - 2015-04-18 10:46 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-16 09:30 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-16 09:30 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-16 09:29 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-16 09:01 - 2015-04-16 09:02 - 00995568 _____ () C:\windows\Minidump\041615-50325-01.dmp
2015-04-16 09:00 - 2015-04-16 09:00 - 876794833 _____ () C:\windows\MEMORY.DMP
2015-04-14 12:15 - 2015-04-14 12:15 - 00001153 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-04-14 12:15 - 2015-04-14 12:15 - 00000000 ____D () C:\Users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 12:14 - 2015-04-14 12:14 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe (WCC4E2EJRERE).url
2015-04-14 12:14 - 2015-04-14 12:14 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard (WCC4E2EJRERE).url
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\Users\kami\AppData\Roaming\WDC
2015-04-14 12:02 - 2015-04-16 09:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-14 11:58 - 2015-04-14 12:00 - 00560552 _____ (Oracle Corporation) C:\Users\kami\Downloads\JavaSetup8u40.exe
2015-04-13 22:52 - 2015-04-13 22:52 - 00000000 ____D () C:\ProgramData\launcher
2015-04-13 22:21 - 2015-04-13 22:21 - 00000000 ____D () C:\ProgramData\rmbwizard
2015-04-13 19:37 - 2015-04-13 19:38 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup.exe
2015-04-13 19:08 - 2015-04-13 19:08 - 00000473 _____ () C:\Users\kami\Downloads\WDMyCloud-20150413-1908.conf
2015-04-13 18:29 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 18:21 - 2015-04-13 18:24 - 247429605 _____ () C:\Users\kami\Downloads\MyNetViewFull_1_0_12_0.zip
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-13 18:13 - 2015-04-13 18:13 - 00001186 _____ () C:\Users\Public\Desktop\WD Discovery.lnk
2015-04-13 16:53 - 2015-04-13 17:00 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup (1).exe
2015-04-13 16:12 - 2015-04-13 16:12 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-13 12:24 - 2015-04-13 16:12 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-04-13 11:59 - 2015-04-13 11:59 - 00001274 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00001262 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-04-13 11:58 - 2015-04-13 11:58 - 04737952 _____ () C:\Users\kami\Downloads\ausetup5.3.1.20.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-04-13 11:46 - 2015-04-13 11:46 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2 (1).exe
2015-04-12 11:34 - 2015-04-12 11:34 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2.exe
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-04-11 20:02 - 2015-04-14 12:14 - 00000204 _____ () C:\Users\kami\Desktop\Lerncenter WD My Cloud.url
2015-04-11 20:02 - 2015-04-13 18:20 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-11 20:02 - 2015-04-11 20:02 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-04-11 20:02 - 2015-04-11 20:02 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard.url
2015-04-11 19:33 - 2015-04-13 18:29 - 00000000 ____D () C:\Users\kami\AppData\Local\Western Digital
2015-04-10 11:35 - 2015-04-10 11:35 - 00000000 ____D () C:\Users\kami\Neuer Ordner
2015-04-10 02:00 - 2015-04-10 02:00 - 00002331 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00002163 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-04-10 01:59 - 2015-04-10 01:59 - 00000000 ____D () C:\Program Files\Paragon Software
2015-04-10 01:54 - 2015-04-10 01:54 - 00000000 ____D () C:\ProgramData\explauncher
2015-04-10 01:32 - 2015-04-10 01:52 - 417659040 _____ () C:\Users\kami\Downloads\br2014Free101.exe
2015-04-09 22:35 - 2015-04-09 22:35 - 00003110 _____ () C:\windows\System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683}
2015-04-09 21:03 - 2015-04-09 21:03 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-09 11:46 - 2015-04-09 11:46 - 00022328 _____ () C:\Users\kami\Downloads\hijackthis.log
2015-04-09 10:51 - 2015-04-09 11:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\kami\Downloads\HijackThis.exe
2015-04-09 02:29 - 2015-04-09 02:29 - 00003432 _____ () C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-09 02:29 - 2015-04-09 02:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 01:55 - 2015-04-19 23:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 01:55 - 2015-04-16 09:17 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-09 01:55 - 2015-04-16 09:17 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-09 01:55 - 2015-04-16 09:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 01:22 - 2015-04-19 10:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-09 01:13 - 2015-04-09 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 01:08 - 2015-04-09 01:44 - 00000000 ____D () C:\Users\kami\Entmister-SW
2015-04-08 23:55 - 2015-04-08 23:55 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kami\Downloads\mbar-1.09.1.1004.exe
2015-04-08 22:25 - 2015-04-08 22:25 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2015-04-08 22:25 - 2015-04-08 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-04-08 19:34 - 2015-04-13 18:20 - 00160620 _____ () C:\windows\DPINST.LOG
2015-04-08 19:32 - 2015-04-08 19:32 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-08 19:32 - 2015-04-08 19:32 - 00000000 ____D () C:\ProgramData\Sony
2015-04-08 19:31 - 2015-04-08 19:31 - 28579392 _____ (Sony Mobile Communications ) C:\Users\kami\Downloads\Sony PC Companion_Web.exe
2015-04-08 15:16 - 2015-04-08 15:21 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Mozilla
2015-04-08 15:16 - 2015-04-08 15:16 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 12:50 - 2015-04-08 12:50 - 00243656 _____ () C:\Users\kami\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-08 11:29 - 2015-04-08 11:29 - 00116528 _____ () C:\Users\kami\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 11:15 - 2015-04-19 22:29 - 00003249 _____ () C:\windows\setupact.log
2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 _____ () C:\windows\setuperr.log
2015-04-08 11:14 - 2015-04-19 19:00 - 00015804 _____ () C:\windows\PFRO.log
2015-04-08 11:14 - 2015-04-08 11:15 - 00439280 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-08 09:38 - 2015-04-08 09:38 - 00000000 ____D () C:\Users\kami\VirtualBox VMs
2015-04-08 09:30 - 2015-04-08 09:30 - 00003144 _____ () C:\windows\System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC}
2015-04-08 09:27 - 2015-04-13 16:03 - 00000000 ____D () C:\Users\kami\.VirtualBox
2015-04-08 09:25 - 2015-04-08 09:29 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-08 09:25 - 2015-04-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-08 09:25 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files\Oracle
2015-04-08 09:24 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-04-08 02:22 - 2015-04-08 02:22 - 00000000 ____D () C:\Users\kami\AppData\Local\BVRP Software
2015-04-07 21:40 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150407-214026.backup
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-04-07 21:15 - 2015-04-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-07 21:15 - 2015-04-19 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-07 21:09 - 2015-04-07 21:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 21:09 - 2015-04-07 21:09 - 00002780 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-04-07 21:09 - 2015-04-07 21:09 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-07 21:09 - 2015-04-07 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-07 20:40 - 2015-04-07 20:40 - 00005684 _____ () C:\windows\system32\.crusader
2015-04-07 20:20 - 2015-04-07 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 13:21 - 2015-04-07 11:36 - 00000000 ____D () C:\windows\system32\log
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-03 19:13 - 2015-04-03 19:13 - 00001373 _____ () C:\Users\kami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-04-03 03:31 - 2015-04-03 03:31 - 00000000 ____D () C:\Users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 03:31 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-04-03 03:31 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-04-03 01:38 - 2015-04-03 01:38 - 00001381 _____ () C:\Users\kami\Desktop\Internet Explorer (64-bit).lnk
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 01:49 - 2015-04-02 17:18 - 00005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-03-24 12:10 - 2015-04-19 23:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 23:53 - 2011-05-11 22:54 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 23:40 - 2014-11-14 09:48 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
2015-04-19 23:35 - 2010-11-13 17:40 - 01774234 _____ () C:\windows\WindowsUpdate.log
2015-04-19 22:40 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 22:40 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 22:37 - 2010-09-12 22:06 - 05535670 _____ () C:\windows\system32\perfh007.dat
2015-04-19 22:37 - 2010-09-12 22:06 - 01713162 _____ () C:\windows\system32\perfc007.dat
2015-04-19 22:37 - 2009-07-14 07:13 - 00006792 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-19 22:36 - 2014-06-11 00:04 - 00001804 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-19 22:30 - 2011-05-11 22:54 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 22:29 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-19 22:27 - 2013-12-30 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-19 13:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-19 13:30 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2015-04-19 13:01 - 2010-12-07 04:02 - 00000000 ____D () C:\Users\kami\Postfach
2015-04-18 18:19 - 2012-03-20 17:11 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Notepad++
2015-04-18 17:07 - 2010-12-02 21:21 - 00000000 ____D () C:\Users\kami
2015-04-18 15:12 - 2010-12-26 11:56 - 00000000 ____D () C:\ProgramData\Lexware
2015-04-18 12:40 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Opera Software
2015-04-18 12:15 - 2014-06-05 15:36 - 00000000 ____D () C:\temp
2015-04-18 11:26 - 2013-02-17 14:56 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForkami
2015-04-18 11:26 - 2013-02-17 14:56 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForkami.job
2015-04-18 01:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-17 22:41 - 2010-12-03 03:23 - 00007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2015-04-17 22:38 - 2011-11-11 23:52 - 00000000 ____D () C:\ProgramData\Avanquest Bluetooth SDK
2015-04-17 18:16 - 2011-05-02 15:09 - 00000000 ____D () C:\Users\kami\Documents\Aktuell
2015-04-17 00:01 - 2011-03-22 23:08 - 00001644 _____ () C:\Users\kami\Desktop\FUS.txt
2015-04-16 23:51 - 2010-12-03 06:13 - 00000000 ____D () C:\windows\rescache
2015-04-16 12:37 - 2010-12-15 14:08 - 00000000 ____D () C:\Users\kami\Documents\Finanzen
2015-04-16 12:20 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2015-04-16 12:14 - 2014-12-11 10:22 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 12:14 - 2014-07-09 13:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 11:40 - 2010-12-06 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 09:44 - 2013-08-15 11:37 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 09:34 - 2010-12-05 18:07 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 09:28 - 2013-10-22 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 09:27 - 2010-12-12 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 09:01 - 2012-10-10 23:49 - 00000000 ____D () C:\windows\Minidump
2015-04-14 12:01 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-13 18:19 - 2013-03-26 12:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 17:36 - 2011-12-28 02:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\HpUpdate
2015-04-13 16:40 - 2010-09-12 22:37 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-13 16:32 - 2012-12-07 17:41 - 00002771 _____ () C:\Users\Public\Desktop\Lexware buchhalter.lnk
2015-04-13 16:32 - 2010-12-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-13 14:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-12 11:55 - 2011-06-21 00:16 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-04-12 11:37 - 2012-06-29 08:57 - 00000000 ____D () C:\Users\Hotel
2015-04-12 11:37 - 2012-01-11 18:12 - 00000000 ____D () C:\Users\Vais
2015-04-12 11:37 - 2011-11-20 12:17 - 00000000 ____D () C:\Users\Administrator
2015-04-12 11:37 - 2010-12-13 15:25 - 00000000 ____D () C:\Users\RF
2015-04-10 12:05 - 2011-10-13 10:12 - 00000000 ____D () C:\Users\kami\Documents\Bluetooth Exchange Folder
2015-04-10 03:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2015-04-10 01:56 - 2010-12-02 21:23 - 00000000 ____D () C:\Users\kami\AppData\Local\Downloaded Installations
2015-04-09 21:50 - 2014-12-11 17:04 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-09 01:55 - 2014-08-19 13:20 - 00000000 ____D () C:\Users\kami\AppData\Local\Adobe
2015-04-08 23:27 - 2012-06-29 09:03 - 00000000 ____D () C:\Users\Hotel\AppData\Local\Mozilla
2015-04-08 23:25 - 2012-06-29 08:58 - 00000000 ___RD () C:\Users\Hotel\Virtual Machines
2015-04-08 23:24 - 2015-03-05 18:42 - 00001536 __RSH () C:\Users\Hotel\ntuser.pol
2015-04-08 23:02 - 2011-12-15 21:08 - 00113152 ___SH () C:\Users\kami\Documents\Thumbs.db
2015-04-08 19:34 - 2011-05-25 15:15 - 00000000 ____D () C:\Users\kami\AppData\Local\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-08 19:32 - 2010-09-12 22:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 13:08 - 2013-05-29 20:35 - 00006256 _____ () C:\Users\kami\_viminfo
2015-04-08 09:29 - 2012-01-11 18:14 - 00116528 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2015-04-08 03:53 - 2013-07-08 13:46 - 00000000 ____D () C:\Users\kami\AppData\Roaming\DVDVideoSoft
2015-04-08 03:51 - 2013-08-27 23:00 - 00000000 ____D () C:\Program Files (x86)\IGC
2015-04-08 03:21 - 2014-07-07 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-04-08 03:21 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-08 03:21 - 2013-05-27 13:36 - 00000000 ____D () C:\Users\kami\Desktop\4Trading
2015-04-08 03:21 - 2013-05-27 13:33 - 00000000 ____D () C:\Users\kami\Desktop\4CAD
2015-04-08 03:21 - 2013-05-27 13:30 - 00000000 ____D () C:\Users\kami\Desktop\4Navi
2015-04-08 03:21 - 2011-11-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
2015-04-08 03:21 - 2010-12-03 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-04-08 02:31 - 2013-03-26 17:30 - 00000000 ____D () C:\Users\kami\Documents\Garmin
2015-04-08 02:31 - 2012-06-02 12:42 - 00000000 ____D () C:\Users\kami\AppData\Local\Garmin
2015-04-08 02:31 - 2010-12-09 02:14 - 00000000 ____D () C:\Users\kami\AppData\Roaming\GARMIN
2015-04-08 02:31 - 2010-12-09 01:44 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-08 02:31 - 2010-12-08 23:11 - 00000000 ____D () C:\ProgramData\GARMIN
2015-04-08 02:31 - 2010-12-08 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-08 02:28 - 2013-02-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics
2015-04-08 02:28 - 2011-01-29 11:56 - 00000000 ____D () C:\Program Files (x86)\EasternGraphics
2015-04-08 01:09 - 2010-12-10 01:41 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Dropbox
2015-04-08 00:40 - 2010-12-10 01:43 - 00000000 ___RD () C:\Users\kami\Documents\My Dropbox
2015-04-08 00:13 - 2012-08-29 01:12 - 00000000 ____D () C:\Users\kami\Desktop\Alte Firefox-Daten
2015-04-07 21:40 - 2009-07-14 04:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-115254.backup
2015-04-07 21:12 - 2011-11-02 21:22 - 00000000 ____D () C:\Users\kami\AppData\Roaming\FileZilla
2015-04-07 21:12 - 2011-08-27 21:49 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Skype
2015-04-07 11:40 - 2014-11-09 19:16 - 00000000 ____D () C:\Program Files (x86)\MINEA
2015-04-07 11:18 - 2015-02-15 16:36 - 00000000 ___HD () C:\ProgramData\{5EE865C2-E8FF-4231-A2B8-0188FEFBCE3D}
2015-04-06 12:58 - 2014-12-11 17:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-06 12:06 - 2011-12-14 20:11 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-03 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-03 02:15 - 2013-12-14 12:10 - 00000000 ____D () C:\windows\PAC7311
2015-04-03 02:12 - 2011-11-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-04-02 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2015-04-02 22:24 - 2014-12-22 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psynetic
2015-03-23 15:12 - 2011-11-01 11:58 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2010-12-29 13:54 - 2011-06-15 19:55 - 0001854 _____ () C:\Users\kami\AppData\Roaming\GhostObjGAFix.xml
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2014-07-07 22:50 - 2014-07-07 22:50 - 0038444 _____ () C:\Users\kami\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2014-07-07 22:46 - 2014-07-07 22:46 - 0038441 _____ () C:\Users\kami\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-04-02 01:49 - 2015-04-02 17:18 - 0005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-08 22:13 - 2013-05-08 22:13 - 0004096 ____H () C:\Users\kami\AppData\Local\keyfile3.drm
2010-12-08 03:36 - 2010-12-08 03:50 - 0448206 _____ () C:\Users\kami\AppData\Local\MODup-Log.txt
2010-12-03 03:23 - 2015-04-17 22:41 - 0007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2012-12-20 00:05 - 2012-12-20 00:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-31 12:48 - 2010-12-31 12:48 - 0208552 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-04 12:11 - 2012-11-27 20:04 - 0017022 _____ () C:\ProgramData\hpzinstall.log
2013-01-18 03:59 - 2013-01-18 03:59 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-02-20 23:07 - 2013-02-20 23:07 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\Users\kami\REG4DigiFoto_Hilfedatei.reg


Some content of TEMP:
====================
C:\Users\kami\AppData\Local\Temp\Quarantine.exe
C:\Users\kami\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

NoMW! · 19.04.2015, 23:45

Nachtrag zu vorhergehendem Post:

Schritt 4_Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by kami at 2015-04-19 23:57:08
Running from C:\Users\kami\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Sprint (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.33417 - ABBYY Software House)
ABBYY FineReader 6.0 (HKLM-x32\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29421 - ABBYY Software House)
Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
ArcSoft PhotoImpression (HKLM-x32\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version:  - )
Avery Wizard 3.1 (HKLM-x32\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
C4340 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CFX Trader (HKLM-x32\...\{AC5E101F-8D42-406B-BFC0-7B906879F705}) (Version: 2.52.12.0 - CFX Broker)
CoP Outlook Plugin (HKLM-x32\...\{CBB9BD2B-C3FA-413F-9913-924EFFCE9CCC}) (Version: 4.11.1 - SMC Software Management Consulting)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP Server (HKLM-x32\...\CoreFTPServer) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.2 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.2 - Sigma Elektro GmbH) Hidden
DDBAC (HKLM-x32\...\{78F6AFE2-A4F3-4AE1-A710-9FD5758C2EB0}) (Version: 5.3.26 - DataDesign)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.9 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doodle Outlook Connector (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\33030675DC63B8C8D12A223C2017505053D50B01) (Version: 1.2.0.0 - Doodle AG)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version:  - )
EPSON Photo Print (HKLM-x32\...\{D379964B-685C-44D5-AE46-C953A9FEEA14}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.4 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Folder Marker v 1.4 (HKLM-x32\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.30 Update (HKLM-x32\...\{BD9FCA8B-7692-42BD-9AF3-88346B436CB0}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT v9 (HKLM-x32\...\{29EA075F-2C61-472F-B01D-80E8D8F023F1}) (Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Geberit ProPlanner 2013 R2 (HKLM-x32\...\{D06C9C18-D361-486A-9E6D-DBAFF1266028}) (Version: 3.3.000 - Geberit Verwaltungs AG)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Formular-Manager (HKLM-x32\...\{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}) (Version: 11.01.03.0001 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{F3A444B0-3BF9-11E1-A2DD-005056B12123}) (Version: 12.01.11.8176 - Haufe)
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart C4340 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{20B8FE13-36FB-47A8-B43C-4BD23B36ADB2}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{5CEE98FB-1963-4662-A780-410DA4533D53}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F48E3}) (Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.1 - Sonix)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Image Transfer (HKLM-x32\...\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}) (Version:  - )
ImageMixer for Sony (HKLM-x32\...\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{1C227C2E-2295-4820-87B1-4B13E98E6C66}) (Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{607D1882-6E4E-4861-BAA3-16B12FA21C73}) (Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
Lexware online banking V 2.39 (HKLM-x32\...\{66017349-81C8-48C3-B0E2-704DB146D70F}) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LTplus architektur (HKLM-x32\...\{8E93D569-667D-4845-A677-B9FC54AFE9F2}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus architektur (HKLM-x32\...\{FAA933B5-F74F-4841-AA49-9735D6DD4256}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus EnEV 2010 (HKLM-x32\...\{BF024BF3-9FE5-4417-AA04-16A5FF937931}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus SketchUP Plugin 7.1 (HKLM-x32\...\LTplus SketchUP Plugin 7.1) (Version: 7.1 - ArchitektenInitiative e.V.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Markets-pro Trading Plattform (HKLM-x32\...\Markets-pro Trading Plattform) (Version: 1.0.0.0 - Information Internet)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}) (Version: 4.0.1679 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
MySQL Workbench 5.2 CE (HKLM-x32\...\{455D9FD3-2AB6-44E0-BF49-B9E13911401A}) (Version: 5.2.38 - Oracle Corporation)
NDAS-Software 3.20.1523 (64-bit Windows) (HKLM\...\{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}) (Version: 3.20.1523 - XIMETA, Inc.)
Netzwerkaufzeichnungs-Player (HKLM-x32\...\{77A9065F-823B-4CDD-B28B-F340B69B62E3}) (Version: 28.4.0.14953 - Cisco WebEx LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
P1670 Referenzhandbuch (HKLM-x32\...\P1670 Referenzhandbuch) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfforge Toolbar v6.6 (HKLM-x32\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
PS_AIO_03_C4340_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}) (Version: 1.1.240 - QUALCOMM)
Quicken 2011 - ServicePack 4 (HKLM-x32\...\{9DC1A9BA-070A-455F-8AC3-62587524ADFB}) (Version: 18.04.00.0123 - Haufe-Lexware GmbH & Co KG)
Quicken DELUXE 2004 (HKLM-x32\...\InstallShield_{00F115CE-9BDD-4729-9122-2476CD02856B}) (Version: 11.00.0000 - Lexware)
Quicken DELUXE 2004 (x32 Version: 11.00.0000 - Lexware) Hidden
Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server Jubiläumsversion (HKLM-x32\...\{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}) (Version: 20.30.00.0099 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Richtig_Kontieren_von_A_Z (HKLM-x32\...\{83F8B710-715B-47B6-AD4D-036280EC269B}) (Version: 16.0.0.0 - Haufe-Lexware GmbH & Co. KG)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
SketchUp 2014 (HKLM-x32\...\{D71C0CA7-A245-4CB7-A958-7DB3377602AE}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM-x32\...\SmartToolsFalz & Lochmarken-Assistentv7.00) (Version: v7.00 - SmartTools Publishing)
SmartTools Publishing • Word Sonderzeichen-Assistent (HKLM-x32\...\SmartToolsSonderzeichen-Assistentv2.00) (Version: v2.00 - SmartTools Publishing)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Softi FreeOCR (HKLM-x32\...\{ABBACAD2-4DAF-490E-932B-E330B33FCF98}) (Version: 2.6.0 - Softi Software)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.5.6 - Sony Ericsson Mobile Communications AB)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.28.138 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TZ-EasyBuch Start  (HKLM-x32\...\TZ-EasyBuch Start) (Version:  - Thomas Zeh)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VCDS PCI 11.11 (HKLM-x32\...\VCDS PCI) (Version: PCI 11.11 - PCI Diagnosetechnik GmbH & Co. KG)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.108.29105 - Vodafone)
vtiger CRM Office Plug-in 5.0.4 (HKLM-x32\...\{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}) (Version:  - )
vtiger CRM Outlook plugin 2.1 (64-bit) (HKLM\...\vtiger CRM Outlook plugin 2.1 (64-bit)) (Version:  - Vtiger)
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wertpapieranalyse 2011 (HKLM-x32\...\{F625701A-E55C-47B4-8FC0-52B4FFE306BB}) (Version: 1.00.0003 - Haufe-Lexware GmbH & Co. KG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP 1.7.1 (HKLM-x32\...\xampp) (Version:  - )
XBRL Tool (HKLM-x32\...\{53A2399A-7ECE-4717-9CD0-1C57FD35BBCA}) (Version: 1.9.0 - ITA Systemhaus GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) (HKLM-x32\...\XMLmind XML Editor_is1) (Version: 4.6.0 - XMLmind)
XMLServiceToolV2 (HKLM-x32\...\{0F72FEF7-6E87-49C5-AB0E-FBAFD0E00EF2}) (Version: 2.0.0 - Bundesanzeiger)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-04-2015 13:47:51 Removed PDF Architect
13-04-2015 11:48:42 Windows-Sicherung
13-04-2015 16:55:42 Removed WD My Cloud
13-04-2015 18:12:30 Installed WD Discovery
13-04-2015 18:19:39 WD SmartWare Installer
16-04-2015 09:15:07 Windows Update
16-04-2015 09:45:53 Installed Sonos Controller.
16-04-2015 11:31:08 Windows Update
19-04-2015 10:21:53 Windows Update
19-04-2015 15:43:56 Windows Update
19-04-2015 19:13:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-19 13:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {06283FF5-567C-4E7B-902F-4E7A84945D32} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {08498D11-C830-45A6-80E4-B08EC8116490} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1900BDE0-6E60-458D-9BBD-788CDBC6BE8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1CDAC75A-A1BB-4D04-9630-64A18F451B58} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1D3A14F6-6594-4D40-A055-303C7DBB67DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {41DDAF3D-7352-4F37-8E87-8CB214F157FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {4872684A-CC41-4E96-90EE-23B6B7C308FE} - System32\Tasks\{F6F71C2E-4C20-44B7-9DDD-C0E18F922370} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {529BD07D-ACE0-4638-AA71-CA5A93B28ED8} - System32\Tasks\{4E98F3FB-7896-4058-BD13-823D6945B38F} => pcalua.exe -a "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE\SETUPW2K.EXE" -d "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE"
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {575A5CCE-D922-435E-8CE5-6B9A47BBA28B} - System32\Tasks\{7EE4D7BA-9010-475C-AD3D-4149B76B04A0} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {60AEE8DF-D87A-424E-8D37-F357C03B19B1} - System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC} => pcalua.exe -a C:\Users\kami\Downloads\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\kami\Desktop
Task: {64EE2590-8AD0-4CF8-9776-19F80B91032C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {768DF770-0874-4AAD-901E-3FEA36209A02} - System32\Tasks\{3FB10DA3-D217-4D1D-A771-73D471FA49B1} => pcalua.exe -a G:\BMW-Diagnose\LuPeDi-CD\VMware-player-4.0.1-528992.exe -d G:\BMW-Diagnose\LuPeDi-CD
Task: {76A33DD5-687B-4858-B2A4-EF9C08D5F959} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7B8CFA59-807A-4655-9875-EEDEC70E3777} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7F761247-E1AF-4456-9207-4A11B453F630} - System32\Tasks\{287FC240-3430-4628-A791-173374ACA4CF} => pcalua.exe -a "C:\VAIS GmbH\Equipment\Nikon Coolpix P500\F-P500-V11W.exe" -d "C:\VAIS GmbH\Equipment\Nikon Coolpix P500"
Task: {88A4FA0C-9E4A-4A24-977F-CE990BA1AA65} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CF46AA4-9CC9-4A74-A0F9-0F9E299AA524} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A57C7A01-277D-4D15-A4BA-CA7D721817C4} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B6886E16-78D2-4BA2-80D7-69A8EB0BF45A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B6C8C5F6-F6C7-45BA-9BFC-AF612B65BE58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {C4A17781-6F9D-4116-8E58-1B051E5EAF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {C720A7E1-77FD-4AEF-9B54-2E57F75F3D47} - System32\Tasks\{CBD9BC13-72E0-4024-900F-DB43F8C2D5BF} => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {E9651246-1E99-43D6-9CC2-835C1554CE73} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E9BD553D-0254-4BBF-9838-026B9A4DD3D6} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {ED2C4FF2-1097-4757-B28C-B590AB00AB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F1174B2C-0522-44F4-ACB9-C9A13ED06D3B} - System32\Tasks\HPCeeScheduleForkami => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {F769D86F-0104-4FE3-9AE9-F4C5A98E43B5} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe [2006-11-08] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForkami.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-08-23 00:29 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2013-08-23 00:29 - 2006-02-22 10:39 - 00020480 _____ () C:\windows\System32\FritzPort64.dll
2012-07-03 11:51 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2012-07-03 11:53 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kami\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2004 Zahlungserinnerung.lnk => C:\windows\pss\Quicken 2004 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== Accounts: =============================

Administrator (S-1-5-21-2479338598-3314396831-1710804073-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2479338598-3314396831-1710804073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2479338598-3314396831-1710804073-1004 - Limited - Enabled)
Hotel (S-1-5-21-2479338598-3314396831-1710804073-1007 - Limited - Enabled) => C:\Users\Hotel
kami (S-1-5-21-2479338598-3314396831-1710804073-1003 - Administrator - Enabled) => C:\Users\kami
RF (S-1-5-21-2479338598-3314396831-1710804073-1005 - Limited - Enabled) => C:\Users\RF
Sonos (S-1-5-21-2479338598-3314396831-1710804073-1016 - Limited - Enabled)
Vais (S-1-5-21-2479338598-3314396831-1710804073-1006 - Administrator - Enabled) => C:\Users\Vais

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 07:32:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (04/19/2015 07:08:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/19/2015 07:08:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 07:08:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 07:02:49 PM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/19/2015 11:20:54 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/19/2015 10:11:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (04/19/2015 11:35:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/19/2015 11:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Power Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/19/2015 11:34:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Connection Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/19/2015 11:34:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/19/2015 11:34:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Vodafone-Mobile-Broadband-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

M-K-D-B · 20.04.2015, 14:04

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:regfind
Spigot
Cain
yellow cabs
Elex-tech
Elex tech
iSafe
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST.

NoMW! · 20.04.2015, 18:19

Hallo Matthias,

ein großer Erfolg hat sich bereits eingestellt: die nervenden Werbefenster poppen nicht mehr hoch.

Meine Stimmung ist wieder im positiven Bereich.

Der Neustart beim Schritt 1 ist beim Willkommen-Fenster hängen geblieben. Erzwungener nochmaliger Neustart war dann erfolgreich.

Schritt 1:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-04-2015 01
Ran by kami at 2015-04-20 18:42:15 Run:1
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {001933A8-3016-4963-8B69-09B00BD41833} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {47811B2F-2343-4CB2-9140-C3E42AD7C1FE} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {499D170C-5FEB-4231-8DEE-23C591D5D5D8} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {73646A09-01DF-4BEC-8410-7A6AE7C76317} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {C2FBB3EE-F010-4B3C-A201-A91F236DA2EC} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {BCC46F08-5CD5-42CC-9378-327BA4284D62} - System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => pcalua.exe -a C:\Users\kami\Downloads\sp54177.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE} - System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => pcalua.exe -a C:\Users\kami\Downloads\wrdszch.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B} - System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => pcalua.exe -a C:\Users\kami\Downloads\F-P500-V11W.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A7218D38-69E6-4613-A538-20DD7105C023} - System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => pcalua.exe -a C:\Users\kami\Downloads\HijackThis.exe -d C:\Users\kami\Desktop
Task: {B0A3A30D-AB38-4825-B792-0C4C23D2141D} - System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{001933A8-3016-4963-8B69-09B00BD41833}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{001933A8-3016-4963-8B69-09B00BD41833}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47811B2F-2343-4CB2-9140-C3E42AD7C1FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47811B2F-2343-4CB2-9140-C3E42AD7C1FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{499D170C-5FEB-4231-8DEE-23C591D5D5D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{499D170C-5FEB-4231-8DEE-23C591D5D5D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73646A09-01DF-4BEC-8410-7A6AE7C76317}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73646A09-01DF-4BEC-8410-7A6AE7C76317}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2FBB3EE-F010-4B3C-A201-A91F236DA2EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2FBB3EE-F010-4B3C-A201-A91F236DA2EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCC46F08-5CD5-42CC-9378-327BA4284D62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCC46F08-5CD5-42CC-9378-327BA4284D62}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5061C3C4-0A3A-474E-918E-D32C552B168C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5061C3C4-0A3A-474E-918E-D32C552B168C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8D3B2D9-07A9-4875-AE6E-5C18921CDCAE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{05045DF5-9001-44CA-A8E1-54E8DB85B6F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7DBF47E-DC3B-42B5-ADB6-B3864C826B0B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D977A8D3-C6B2-4D0E-8DEA-C673B3B19161}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0A3A30D-AB38-4825-B792-0C4C23D2141D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A3A30D-AB38-4825-B792-0C4C23D2141D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7218D38-69E6-4613-A538-20DD7105C023}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7218D38-69E6-4613-A538-20DD7105C023}" => Key deleted successfully.
C:\Windows\System32\Tasks\{046986FD-9DB1-4173-A375-483BF9D48683} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{046986FD-9DB1-4173-A375-483BF9D48683}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A3A30D-AB38-4825-B792-0C4C23D2141D} => Key not found. 
C:\Windows\System32\Tasks\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8DD31CD2-8F7C-4809-A0DC-3D78AE6D2EBA} => Key not found. 

========= RemoveProxy: =========

"HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 550.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:45:00 ====

Schritt 2:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 19:05 on 20/04/2015 by kami
Administrator - Elevation successful

========== regfind ==========

Searching for "Spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06946EE3856F0BA47BA1B7663EB31F8A]
"2AF9375644402BA45B8978426035E9DB"="C:\Program Files (x86)\Common Files\Spigot\wtxpcom\chrome\content\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\11668D9C06DD0A64689920C3E9AA8BF6]
"2AF9375644402BA45B8978426035E9DB"="C?\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BB8B2DE8E6BEBB47BBC322B82D20DF9]
"2AF9375644402BA45B8978426035E9DB"="C:\Program Files (x86)\Common Files\Spigot\wtxpcom\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9]
"2AF9375644402BA45B8978426035E9DB"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AF9375644402BA45B8978426035E9DB\InstallProperties]
"Publisher"="Spigot, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65739FA2-0444-4AB2-B598-872406539EBD}]
"Publisher"="Spigot, Inc."

Searching for "Cain"
[HKEY_CURRENT_USER\Software\Cain]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
"f"="Cain.exe"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_none_bf993fad7a9f1adb\f256!wicainventory.exe]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Cain]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
"f"="Cain.exe"

Searching for "yellow cabs"
No data found.

Searching for "Elex-tech"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan]
"Icon"="C:\Program Files (x86)\Elex-tech\YAC\iStart.exe,-109"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan\command]
@=""C:\Program Files (x86)\Elex-tech\YAC\iStart.exe" -iSafeRightKeyShell -isafeRKShell_opt=isafeRKShell_opt_deepclean -isafeRKShell_executorPath="C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"

Searching for "Elex tech"
No data found.

Searching for "iSafe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan\command]
@=""C:\Program Files (x86)\Elex-tech\YAC\iStart.exe" -iSafeRightKeyShell -isafeRKShell_opt=isafeRKShell_opt_deepclean -isafeRKShell_executorPath="C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
@="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
@="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
@="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
@="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
@="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
@="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
@="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
@="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
@="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
@="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
@="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
@="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
@="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
@="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
@="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7919641-3978-4668-8388-7310329C800E}]
@="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
@="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\iSafeRKScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
@="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
@="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
@="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
@="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
@="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
@="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
@="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
@="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
@="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
@="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
@="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
@="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
@="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
@="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
@="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F7919641-3978-4668-8388-7310329C800E}]
@="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
@="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
@="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
@="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
@="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
@="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
@="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
@="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
@="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
@="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
@="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
@="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
@="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
@="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
@="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
@="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
@="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F7919641-3978-4668-8388-7310329C800E}]
@="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
@="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isafeantivir.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\isafeantivir.com]

Searching for "         "
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1323]
"Name"="&Linien          => Polylinie"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1389]
"Name"="         &Koordinatensystem drehen"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1392]
"Name"="         &Objekt-Fang (digitalisieren)"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1394]
"Name"="         &Automatische Schraffur"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1649]
"Name"="50         1/200"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1650]
"Name"="25         1/100"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1652]
"Name"="10         1/20"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1653]
"Name"="5           1/10"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1655]
"Name"="1           1/2"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1938]
"Name"="   Objekt          => BKS"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1939]
"Name"="   Ansicht         => BKS"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2279]
"Name"="   &Polare             @ d < w"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2399]
"Name"="         &Koordinatensystem drehen"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2402]
"Name"="         &Objekt-Fang (digitalisieren)"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2404]
"Name"="         &Automatische Schraffur"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2544]
"Name"="&Abbruch          ^C"
[HKEY_CURRENT_USER\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-79]
"Name"="   &Polare             @ d < w"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Softonic\Softonic\iestrg]
"irh_settings"="{"ID":50,"PROGRAM_NAME":"Softonic new widget","Domain":"softonic                                          ","MERCHANTS_MARKETPLACE":2,"SHOW_STRIPS":1,"ALERT_MESSAGES":1,"WELCOME_PAGE":1,"UI_JS_URL":"hxxp://cdn.donation-tools.org/Strip/1_irobinhoodscript_V21.js","LANDING_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","SHORT_MENU":1,"HOMEPAGE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicIndex.aspx","CAUSE_STATS_URL":null,"MY_STATS_URL":null,"HOW_IT_WORKS_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicHowItWorks.aspx","INVITE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicInvite.aspx","CHARITY_URL":"hxxp://softonic.donation-tools.org/landing/CharityList.aspx","SHOP_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","COMM_FACTOR":0.5,"AMAZON_US":"irh-p007-20","A
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6[1].exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Downloads\Sony PC Companion_Web.exe"="                                                            "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6.exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged"="<?xml version="1.0"?>
<WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl">
  <Output>
    <Data>
      <Capabilities>
      <NumberOfPowerSources>3</NumberOfPowerSources>
        <GlobalFeatures>
          <WWANAntenna>true</WWANAntenna>
          <GPSIncluded>true</GPSIncluded>
        </GlobalFeatures>
      </Capabilities>
      <Devices>
        <Device>
          <TechnologyType>WWAN</TechnologyType>
          <BusType>USB</BusType>
          <VendorID>03F0</VendorID>
          <DeviceID>251D</DeviceID>
          <SubVendorID>0000</SubVendorID>
          <SubSystemID>0000</SubSystemID>
          <PowerSource>2</PowerSource>
          <CurrentState>off</CurrentState>
          <LastRequestedState>
            <WMI Changed="false">on</WMI>
            <F10 Changed="false">on</F10>
            <HardwareButton Changed="false">off</Hardw
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Hewlett-Packard\HP Software Framework\{41290DB4-0C21-46ad-9A12-C40FD90E1B0B}]
"Wireless.GlobalChanged"="<?xml version="1.0"?>
<WirelessGlobalDeviceInfoOutput xmlns="schemas-hp-com.casl">
  <Output>
    <Data>
      <Capabilities>
      <NumberOfPowerSources>3</NumberOfPowerSources>
        <GlobalFeatures>
          <WWANAntenna>true</WWANAntenna>
          <GPSIncluded>true</GPSIncluded>
        </GlobalFeatures>
      </Capabilities>
      <Devices>
        <Device>
          <TechnologyType>WWAN</TechnologyType>
          <BusType>USB</BusType>
          <VendorID>03F0</VendorID>
          <DeviceID>251D</DeviceID>
          <SubVendorID>0000</SubVendorID>
          <SubSystemID>0000</SubSystemID>
          <PowerSource>2</PowerSource>
          <CurrentState>off</CurrentState>
          <LastRequestedState>
            <WMI Changed="false">on</WMI>
            <F10 Changed="false">on</F10>
            <HardwareButton Changed="false
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#355850045276614&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_PMAP#FC0051A33343B893&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PAC7311\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#355850045276614&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_PMAP#FC0051A33343B893&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PAC7311\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LGE&PROD_MOBILE&REV_1.0#355850045276614&1#]
"DeviceDesc"="mobile          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_PMAP#FC0051A33343B893&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"00000000"="                «Ç¤º"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"01000001"="                «Ç¥~"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"02000002"="              ¿Ã¥ú¿O"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0404\White_Balance_Mode]
"03010000"="¬õ                                                ÂÅ"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0407\White_Balance_Mode]
"03010000"="Rot                                              Blau"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0409\White_Balance_Mode]
"03010000"="Red                                              Blue"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\040c\White_Balance_Mode]
"03010000"="Rouge                                              Bleu"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0411\White_Balance_Mode]
"03010000"="Ô                                              Â"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Backlight_Compensation]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Backlight_Compensation]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"00000000"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Black_And_White_Mode]
"01000001"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Exposure_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Exposure_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Image_Mirror]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\Image_Mirror]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\White_Balance_Enable]
"00000001"="            On"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\White_Balance_Enable]
"01000000"="            Off"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PAC7311\Parameters\0804\White_Balance_Mode]
"03010000"="ºì                                              À¶"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1323]
"Name"="&Linien          => Polylinie"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1389]
"Name"="         &Koordinatensystem drehen"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1392]
"Name"="         &Objekt-Fang (digitalisieren)"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1394]
"Name"="         &Automatische Schraffur"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1649]
"Name"="50         1/200"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1650]
"Name"="25         1/100"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1652]
"Name"="10         1/20"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1653]
"Name"="5           1/10"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1655]
"Name"="1           1/2"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1938]
"Name"="   Objekt          => BKS"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-1939]
"Name"="   Ansicht         => BKS"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2279]
"Name"="   &Polare             @ d < w"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2399]
"Name"="         &Koordinatensystem drehen"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2402]
"Name"="         &Objekt-Fang (digitalisieren)"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2404]
"Name"="         &Automatische Schraffur"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-2544]
"Name"="&Abbruch          ^C"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\LTplusCAAD\IntelliCAD\Menu\MnuItem-79]
"Name"="   &Polare             @ d < w"
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Softonic\Softonic\iestrg]
"irh_settings"="{"ID":50,"PROGRAM_NAME":"Softonic new widget","Domain":"softonic                                          ","MERCHANTS_MARKETPLACE":2,"SHOW_STRIPS":1,"ALERT_MESSAGES":1,"WELCOME_PAGE":1,"UI_JS_URL":"hxxp://cdn.donation-tools.org/Strip/1_irobinhoodscript_V21.js","LANDING_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","SHORT_MENU":1,"HOMEPAGE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicIndex.aspx","CAUSE_STATS_URL":null,"MY_STATS_URL":null,"HOW_IT_WORKS_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicHowItWorks.aspx","INVITE_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicInvite.aspx","CHARITY_URL":"hxxp://softonic.donation-tools.org/landing/CharityList.aspx","SHOP_URL":"hxxp://softonic.donation-tools.org/landing/SoftonicShop.aspx","COMM_
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6[1].exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Downloads\Sony PC Companion_Web.exe"="                                                            "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6.exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6[1].exe"="IZArc2Go 4.1.6 Setup                                        "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Downloads\Sony PC Companion_Web.exe"="                                                            "
[HKEY_USERS\S-1-5-21-2479338598-3314396831-1710804073-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\kami\Desktop\IZArc2Go4.1.6.exe"="IZArc2Go 4.1.6 Setup                                        "

-= EOF =-

NoMW! · 20.04.2015, 18:32

Schritt 3 FRST.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by kami (administrator) on BETA on 20-04-2015 19:21:03
Running from C:\Users\kami\Desktop
Loaded Profiles: kami (Available profiles: kami & RF & Vais & Hotel & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(C-Dilla Ltd) C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\xampp\mysql\bin\mysqld.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
() C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apache Software Foundation) C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe
() C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Smith Micro Software, Inc) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Users\kami\Desktop\SystemLook_x64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe [1119048 2010-03-13] (Smith Micro Software, Inc)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [1&1_1&1 Office-Drive Manager] => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE [993392 2012-09-24] (1&1 Internet AG)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-0017-0000-0000-0000000FF1CE}] => C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK [2011-02-03]
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer.lnk [2011-03-29]
ShortcutTarget: Image Transfer.lnk -> C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk [2012-07-11]
ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
ShellIconOverlayIdentifiers: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL [2012-09-24] (1&1 Internet AG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}] -> {6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} => C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL [2012-09-24] (1&1 Internet AG)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {32361cec-8645-4eea-a02e-406794b05835} - No File
SearchScopes: HKLM -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {0BCB17D6-B352-4483-809A-DE0B5CD02F8F} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} URL = 
SearchScopes: HKU\S-1-5-21-2479338598-3314396831-1710804073-1003 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler: haufereader - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{49B937D5-91CB-4C63-A626-90511A9E92EA}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{704C1AD4-1DA1-4F83-B0A1-F0CFB199FA80}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{8951B8BC-2E91-404E-88AE-F86E28012953}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\kami\AppData\Roaming\Mozilla\Firefox\Profiles\c625zout.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2010-11-01] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-10-22] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2011-04-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-11]
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-08-27]
CHR Extension: (Google Wallet) - C:\Users\kami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 C-DillaCdaC11BA; C:\windows\SysWOW64\drivers\CDAC11BA.EXE [39936 2010-12-14] (C-Dilla Ltd) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.) [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2012-01-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\PROGRAM FILES\MCAFEE\MSC\MCAPEXE.EXE [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [376808 2007-06-29] (XIMETA, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2010-03-13] (Smith Micro Software, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-12-31] (Vodafone) [File not signed]
R2 vtigercrmApache530; C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\Apache.exe [20541 2009-05-08] (Apache Software Foundation) [File not signed]
R2 vtigercrmMysql530; C:\Program Files (x86)\vtigercrm-5.3.0\mysql\my.ini [2994 2012-02-14] () [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XAMPP; c:\xampp\service.exe [60928 2007-12-21] () [File not signed]
S2 HPSLPSVC; C:\Users\kami\AppData\Local\Temp\7zS03A3\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-01] (Google Inc)
S3 BioNTDrv; C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [18696 2014-05-19] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-04-09] (Bytemobile, Inc.) [File not signed]
S2 CdaC15BA; C:\windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-01-05] () [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [419840 2010-12-31] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [339944 2007-06-29] (XIMETA, Inc.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 lpx; C:\Windows\System32\DRIVERS\lpx.sys [97256 2007-06-29] (XIMETA, Inc.)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
R3 ndasbus; C:\Windows\System32\DRIVERS\ndasbus.sys [108520 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\windows\system32\DRIVERS\ndasfat.sys [537064 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\DRIVERS\ndasscsi.sys [235496 2007-06-29] (XIMETA, Inc.)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
S3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-02] (McAfee, Inc.)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-02] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-01-19] ()
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2011-04-09] (Bytemobile, Inc.) [File not signed]
R1 ui11drdr; C:\Windows\System32\DRIVERS\ui11drdr.sys [201072 2012-09-24] (1&1 Internet AG)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:05 - 2015-04-20 19:12 - 00103906 _____ () C:\Users\kami\Desktop\SystemLook.txt
2015-04-20 19:05 - 2015-04-20 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-20 18:40 - 2015-04-20 18:40 - 00165376 _____ () C:\Users\kami\Desktop\SystemLook_x64.exe
2015-04-20 00:22 - 2015-04-20 00:23 - 00151030 _____ () C:\Users\kami\Desktop\Neues Textdokument.txt
2015-04-19 23:54 - 2015-04-19 23:54 - 00001866 _____ () C:\Users\kami\Desktop\JRT_1.txt
2015-04-19 23:37 - 2015-04-19 23:37 - 00001866 _____ () C:\Users\kami\Desktop\JRT.txt
2015-04-19 23:34 - 2015-04-19 23:34 - 00000207 _____ () C:\windows\tweaking.com-regbackup-BETA-Windows-7-Professional-(64-bit).dat
2015-04-19 23:34 - 2015-04-19 23:34 - 00000000 ____D () C:\RegBackup
2015-04-19 23:32 - 2015-04-19 23:32 - 00001206 _____ () C:\Users\kami\Desktop\mbam.txt
2015-04-19 22:40 - 2015-04-19 22:40 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 22:40 - 2015-04-19 22:40 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-19 22:40 - 2015-04-19 22:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-19 22:40 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-19 22:40 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-19 22:37 - 2015-04-19 22:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\kami\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-19 22:32 - 2015-04-19 22:32 - 00002421 _____ () C:\Users\kami\Desktop\AdwCleaner[S4].txt
2015-04-19 21:55 - 2015-04-19 21:55 - 02686254 _____ (Thisisu) C:\Users\kami\Desktop\JRT.exe
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\Users\kami\AppData\Roaming\1&1
2015-04-19 19:04 - 2015-04-19 19:04 - 00000000 ____D () C:\ProgramData\1&1
2015-04-19 13:35 - 2015-04-19 13:35 - 00052136 _____ () C:\ComboFix.txt
2015-04-19 13:12 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-19 13:12 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-19 13:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-19 13:12 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-19 13:08 - 2015-04-19 13:36 - 00000000 ____D () C:\Qoobox
2015-04-19 13:07 - 2015-04-19 13:32 - 00000000 ____D () C:\windows\erdnt
2015-04-19 10:45 - 2015-04-19 10:45 - 02217984 _____ () C:\Users\kami\Desktop\AdwCleaner_4.201.exe
2015-04-18 18:51 - 2015-04-18 18:51 - 00000000 ____D () C:\Users\kami\Documents\ProcAlyzer Dumps
2015-04-18 18:41 - 2015-04-18 18:41 - 00059728 _____ () C:\Users\kami\Desktop\Gmer.txt
2015-04-18 18:05 - 2015-04-18 18:05 - 00092155 _____ () C:\Users\kami\Desktop\FRST_a.txt
2015-04-18 18:00 - 2015-04-20 19:20 - 00000000 ____D () C:\Users\kami\Desktop\FRST-OlderVersion
2015-04-18 17:23 - 2015-04-18 17:23 - 00380416 _____ () C:\Users\kami\Desktop\Gmer-19357.exe
2015-04-18 17:11 - 2015-04-19 23:57 - 00058080 _____ () C:\Users\kami\Desktop\Addition_1.txt
2015-04-18 17:09 - 2015-04-20 19:23 - 00034109 _____ () C:\Users\kami\Desktop\FRST.txt
2015-04-18 17:09 - 2015-04-20 19:21 - 00000000 ____D () C:\FRST
2015-04-18 17:07 - 2015-04-18 17:08 - 00000470 _____ () C:\Users\kami\Desktop\defogger_disable.log
2015-04-18 17:07 - 2015-04-18 17:07 - 00000000 _____ () C:\Users\kami\defogger_reenable
2015-04-18 17:05 - 2015-04-18 17:05 - 00050477 _____ () C:\Users\kami\Downloads\Defogger.exe
2015-04-18 12:24 - 2015-04-18 11:52 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-122415.backup
2015-04-17 18:03 - 2015-04-17 18:03 - 00050477 _____ () C:\Users\kami\Desktop\Defogger.exe
2015-04-17 13:03 - 2015-04-20 19:20 - 02099712 _____ (Farbar) C:\Users\kami\Desktop\FRST64.exe
2015-04-17 11:08 - 2015-04-18 11:49 - 00001983 _____ () C:\Users\kami\Desktop\Malware@firefox.txt
2015-04-16 12:20 - 2015-04-20 18:59 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-04-16 09:47 - 2015-04-16 09:47 - 00001947 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-16 09:47 - 2015-04-16 09:47 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-16 09:34 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-16 09:34 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-16 09:34 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-16 09:34 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-16 09:34 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-16 09:34 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-16 09:34 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-16 09:34 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-16 09:34 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-16 09:34 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-16 09:33 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-16 09:33 - 2015-03-10 07:29 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-16 09:33 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-16 09:33 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 02656256 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 07:27 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 07:26 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 07:26 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-16 09:33 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-16 09:33 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-16 09:33 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-16 09:33 - 2015-03-10 05:32 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-16 09:33 - 2015-03-10 05:07 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-16 09:33 - 2015-03-10 04:42 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-16 09:33 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 09:33 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-16 09:33 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-16 09:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-16 09:32 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-16 09:32 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-16 09:32 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-16 09:32 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-16 09:32 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-16 09:32 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-16 09:32 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-16 09:32 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-16 09:32 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-16 09:32 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-16 09:32 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-16 09:32 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-16 09:32 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-16 09:32 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-16 09:32 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-16 09:32 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-16 09:32 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 09:32 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 09:31 - 2015-04-18 10:46 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-16 09:30 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-16 09:30 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-16 09:30 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-16 09:29 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-16 09:01 - 2015-04-16 09:02 - 00995568 _____ () C:\windows\Minidump\041615-50325-01.dmp
2015-04-16 09:00 - 2015-04-16 09:00 - 876794833 _____ () C:\windows\MEMORY.DMP
2015-04-14 12:15 - 2015-04-14 12:15 - 00001153 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-04-14 12:15 - 2015-04-14 12:15 - 00000000 ____D () C:\Users\kami\AppData\Roaming\com.wd.WDMyCloud
2015-04-14 12:14 - 2015-04-14 12:14 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe (WCC4E2EJRERE).url
2015-04-14 12:14 - 2015-04-14 12:14 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard (WCC4E2EJRERE).url
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\Users\kami\AppData\Roaming\WDC
2015-04-14 12:02 - 2015-04-16 09:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-14 11:58 - 2015-04-14 12:00 - 00560552 _____ (Oracle Corporation) C:\Users\kami\Downloads\JavaSetup8u40.exe
2015-04-13 22:52 - 2015-04-13 22:52 - 00000000 ____D () C:\ProgramData\launcher
2015-04-13 22:21 - 2015-04-13 22:21 - 00000000 ____D () C:\ProgramData\rmbwizard
2015-04-13 19:37 - 2015-04-13 19:38 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup.exe
2015-04-13 19:08 - 2015-04-13 19:08 - 00000473 _____ () C:\Users\kami\Downloads\WDMyCloud-20150413-1908.conf
2015-04-13 18:29 - 2015-04-13 19:32 - 00000000 ____D () C:\Users\kami\AppData\Local\Western_Digital_Technolog
2015-04-13 18:21 - 2015-04-13 18:24 - 247429605 _____ () C:\Users\kami\Downloads\MyNetViewFull_1_0_12_0.zip
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-13 18:20 - 2015-04-13 18:20 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-13 18:13 - 2015-04-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-13 18:13 - 2015-04-13 18:13 - 00001186 _____ () C:\Users\Public\Desktop\WD Discovery.lnk
2015-04-13 16:53 - 2015-04-13 17:00 - 71601392 _____ () C:\Users\kami\Downloads\mc_windows_setup (1).exe
2015-04-13 16:12 - 2015-04-13 16:12 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00001063 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-04-13 16:12 - 2015-04-13 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-13 12:24 - 2015-04-13 16:12 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-04-13 11:59 - 2015-04-13 11:59 - 00001274 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00001262 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2015-04-13 11:59 - 2015-04-13 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-04-13 11:58 - 2015-04-13 11:58 - 04737952 _____ () C:\Users\kami\Downloads\ausetup5.3.1.20.exe
2015-04-13 11:58 - 2015-04-13 11:58 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-04-13 11:46 - 2015-04-13 11:46 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2 (1).exe
2015-04-12 11:34 - 2015-04-12 11:34 - 16342352 _____ (Geek Software GmbH ) C:\Users\kami\Downloads\pdf24-creator-6.9.2.exe
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2015-04-11 20:08 - 2015-04-11 20:08 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-04-11 20:02 - 2015-04-14 12:14 - 00000204 _____ () C:\Users\kami\Desktop\Lerncenter WD My Cloud.url
2015-04-11 20:02 - 2015-04-13 18:20 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-11 20:02 - 2015-04-11 20:02 - 00000158 _____ () C:\Users\kami\Desktop\WD My Cloud – Öffentliche Freigabe.url
2015-04-11 20:02 - 2015-04-11 20:02 - 00000154 _____ () C:\Users\kami\Desktop\WD My Cloud-Dashboard.url
2015-04-11 19:33 - 2015-04-13 18:29 - 00000000 ____D () C:\Users\kami\AppData\Local\Western Digital
2015-04-10 11:35 - 2015-04-10 11:35 - 00000000 ____D () C:\Users\kami\Neuer Ordner
2015-04-10 02:00 - 2015-04-10 02:00 - 00002331 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00002163 _____ () C:\Users\Public\Desktop\Paragon Recovery Media Builder™.lnk
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2015-04-10 02:00 - 2015-04-10 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free
2015-04-10 01:59 - 2015-04-10 01:59 - 00000000 ____D () C:\Program Files\Paragon Software
2015-04-10 01:54 - 2015-04-10 01:54 - 00000000 ____D () C:\ProgramData\explauncher
2015-04-10 01:32 - 2015-04-10 01:52 - 417659040 _____ () C:\Users\kami\Downloads\br2014Free101.exe
2015-04-09 21:03 - 2015-04-09 21:03 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-09 11:46 - 2015-04-09 11:46 - 00022328 _____ () C:\Users\kami\Downloads\hijackthis.log
2015-04-09 10:51 - 2015-04-09 11:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\kami\Downloads\HijackThis.exe
2015-04-09 02:29 - 2015-04-09 02:29 - 00003432 _____ () C:\windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-09 02:29 - 2015-04-09 02:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 01:55 - 2015-04-20 19:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 01:55 - 2015-04-16 09:17 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-09 01:55 - 2015-04-16 09:17 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-09 01:55 - 2015-04-16 09:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 01:22 - 2015-04-19 10:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-09 01:13 - 2015-04-09 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 01:08 - 2015-04-09 01:44 - 00000000 ____D () C:\Users\kami\Entmister-SW
2015-04-08 23:55 - 2015-04-08 23:55 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kami\Downloads\mbar-1.09.1.1004.exe
2015-04-08 22:25 - 2015-04-08 22:25 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2015-04-08 22:25 - 2015-04-08 22:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-04-08 19:34 - 2015-04-13 18:20 - 00160620 _____ () C:\windows\DPINST.LOG
2015-04-08 19:32 - 2015-04-08 19:32 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-08 19:32 - 2015-04-08 19:32 - 00000000 ____D () C:\ProgramData\Sony
2015-04-08 19:31 - 2015-04-08 19:31 - 28579392 _____ (Sony Mobile Communications ) C:\Users\kami\Downloads\Sony PC Companion_Web.exe
2015-04-08 15:16 - 2015-04-08 15:21 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Mozilla
2015-04-08 15:16 - 2015-04-08 15:16 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 12:50 - 2015-04-08 12:50 - 00243656 _____ () C:\Users\kami\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-08 11:29 - 2015-04-08 11:29 - 00116528 _____ () C:\Users\kami\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 11:15 - 2015-04-20 18:58 - 00003417 _____ () C:\windows\setupact.log
2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 _____ () C:\windows\setuperr.log
2015-04-08 11:14 - 2015-04-20 09:33 - 00016172 _____ () C:\windows\PFRO.log
2015-04-08 11:14 - 2015-04-08 11:15 - 00439280 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-08 09:38 - 2015-04-08 09:38 - 00000000 ____D () C:\Users\kami\VirtualBox VMs
2015-04-08 09:30 - 2015-04-08 09:30 - 00003144 _____ () C:\windows\System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC}
2015-04-08 09:27 - 2015-04-13 16:03 - 00000000 ____D () C:\Users\kami\.VirtualBox
2015-04-08 09:25 - 2015-04-08 09:29 - 00001036 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-08 09:25 - 2015-04-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-08 09:25 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files\Oracle
2015-04-08 09:24 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-04-08 02:22 - 2015-04-08 02:22 - 00000000 ____D () C:\Users\kami\AppData\Local\BVRP Software
2015-04-07 21:40 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150407-214026.backup
2015-04-07 21:16 - 2015-04-07 21:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-04-07 21:15 - 2015-04-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-07 21:15 - 2015-04-19 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-07 21:09 - 2015-04-07 21:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 21:09 - 2015-04-07 21:09 - 00002780 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-04-07 21:09 - 2015-04-07 21:09 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-07 21:09 - 2015-04-07 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-07 20:40 - 2015-04-07 20:40 - 00005684 _____ () C:\windows\system32\.crusader
2015-04-07 20:20 - 2015-04-07 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 13:21 - 2015-04-07 11:36 - 00000000 ____D () C:\windows\system32\log
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-04 12:49 - 2015-04-04 12:49 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-03 19:13 - 2015-04-03 19:13 - 00001373 _____ () C:\Users\kami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2015-04-03 17:22 - 2015-04-03 17:22 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-04-03 17:22 - 2015-04-03 17:22 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2015-04-03 17:22 - 2015-04-03 17:22 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-04-03 17:22 - 2015-04-03 17:22 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-04-03 03:31 - 2015-04-03 03:31 - 00000000 ____D () C:\Users\kami\AppData\Roaming\LavasoftStatistics
2015-04-03 03:31 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-04-03 03:31 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-04-03 01:38 - 2015-04-03 01:38 - 00001381 _____ () C:\Users\kami\Desktop\Internet Explorer (64-bit).lnk
2015-04-02 22:12 - 2015-04-02 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 01:49 - 2015-04-02 17:18 - 00005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2015-03-24 12:10 - 2015-04-19 23:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:08 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 19:08 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 19:05 - 2014-06-11 00:04 - 00001804 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-20 19:04 - 2010-11-13 17:40 - 01830054 _____ () C:\windows\WindowsUpdate.log
2015-04-20 18:59 - 2011-05-11 22:54 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 18:58 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-20 18:40 - 2014-11-14 09:48 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job
2015-04-20 18:38 - 2010-12-07 04:02 - 00000000 ____D () C:\Users\kami\Postfach
2015-04-20 18:33 - 2011-05-11 22:54 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 22:37 - 2010-09-12 22:06 - 05535670 _____ () C:\windows\system32\perfh007.dat
2015-04-19 22:37 - 2010-09-12 22:06 - 01713162 _____ () C:\windows\system32\perfc007.dat
2015-04-19 22:37 - 2009-07-14 07:13 - 00006792 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-19 22:27 - 2013-12-30 15:56 - 00000000 ____D () C:\AdwCleaner
2015-04-19 13:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-19 13:30 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2015-04-18 18:19 - 2012-03-20 17:11 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Notepad++
2015-04-18 17:07 - 2010-12-02 21:21 - 00000000 ____D () C:\Users\kami
2015-04-18 15:12 - 2010-12-26 11:56 - 00000000 ____D () C:\ProgramData\Lexware
2015-04-18 12:40 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Opera Software
2015-04-18 12:15 - 2014-06-05 15:36 - 00000000 ____D () C:\temp
2015-04-18 11:26 - 2013-02-17 14:56 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForkami
2015-04-18 11:26 - 2013-02-17 14:56 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForkami.job
2015-04-18 01:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-17 22:41 - 2010-12-03 03:23 - 00007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2015-04-17 22:38 - 2011-11-11 23:52 - 00000000 ____D () C:\ProgramData\Avanquest Bluetooth SDK
2015-04-17 18:16 - 2011-05-02 15:09 - 00000000 ____D () C:\Users\kami\Documents\Aktuell
2015-04-17 00:01 - 2011-03-22 23:08 - 00001644 _____ () C:\Users\kami\Desktop\FUS.txt
2015-04-16 23:51 - 2010-12-03 06:13 - 00000000 ____D () C:\windows\rescache
2015-04-16 12:37 - 2010-12-15 14:08 - 00000000 ____D () C:\Users\kami\Documents\Finanzen
2015-04-16 12:20 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2015-04-16 12:14 - 2014-12-11 10:22 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-16 12:14 - 2014-07-09 13:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-16 11:40 - 2010-12-06 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 09:44 - 2013-08-15 11:37 - 00000000 ____D () C:\windows\system32\MRT
2015-04-16 09:34 - 2010-12-05 18:07 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-16 09:28 - 2013-10-22 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 09:27 - 2010-12-12 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 09:01 - 2012-10-10 23:49 - 00000000 ____D () C:\windows\Minidump
2015-04-14 12:01 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-13 18:19 - 2013-03-26 12:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 17:36 - 2011-12-28 02:35 - 00000000 ____D () C:\Users\kami\AppData\Roaming\HpUpdate
2015-04-13 16:40 - 2010-09-12 22:37 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-13 16:32 - 2012-12-07 17:41 - 00002771 _____ () C:\Users\Public\Desktop\Lexware buchhalter.lnk
2015-04-13 16:32 - 2010-12-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-13 14:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-12 11:55 - 2011-06-21 00:16 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-04-12 11:37 - 2012-06-29 08:57 - 00000000 ____D () C:\Users\Hotel
2015-04-12 11:37 - 2012-01-11 18:12 - 00000000 ____D () C:\Users\Vais
2015-04-12 11:37 - 2011-11-20 12:17 - 00000000 ____D () C:\Users\Administrator
2015-04-12 11:37 - 2010-12-13 15:25 - 00000000 ____D () C:\Users\RF
2015-04-10 12:05 - 2011-10-13 10:12 - 00000000 ____D () C:\Users\kami\Documents\Bluetooth Exchange Folder
2015-04-10 03:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2015-04-10 01:56 - 2010-12-02 21:23 - 00000000 ____D () C:\Users\kami\AppData\Local\Downloaded Installations
2015-04-09 21:50 - 2014-12-11 17:04 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-09 01:55 - 2014-08-19 13:20 - 00000000 ____D () C:\Users\kami\AppData\Local\Adobe
2015-04-08 23:27 - 2012-06-29 09:03 - 00000000 ____D () C:\Users\Hotel\AppData\Local\Mozilla
2015-04-08 23:25 - 2012-06-29 08:58 - 00000000 ___RD () C:\Users\Hotel\Virtual Machines
2015-04-08 23:24 - 2015-03-05 18:42 - 00001536 __RSH () C:\Users\Hotel\ntuser.pol
2015-04-08 23:02 - 2011-12-15 21:08 - 00113152 ___SH () C:\Users\kami\Documents\Thumbs.db
2015-04-08 19:34 - 2011-05-25 15:15 - 00000000 ____D () C:\Users\kami\AppData\Local\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-08 19:32 - 2011-05-25 15:03 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-08 19:32 - 2010-09-12 22:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 13:08 - 2013-05-29 20:35 - 00006256 _____ () C:\Users\kami\_viminfo
2015-04-08 09:29 - 2012-01-11 18:14 - 00116528 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2015-04-08 03:53 - 2013-07-08 13:46 - 00000000 ____D () C:\Users\kami\AppData\Roaming\DVDVideoSoft
2015-04-08 03:51 - 2013-08-27 23:00 - 00000000 ____D () C:\Program Files (x86)\IGC
2015-04-08 03:21 - 2014-07-07 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-04-08 03:21 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-08 03:21 - 2013-05-27 13:36 - 00000000 ____D () C:\Users\kami\Desktop\4Trading
2015-04-08 03:21 - 2013-05-27 13:33 - 00000000 ____D () C:\Users\kami\Desktop\4CAD
2015-04-08 03:21 - 2013-05-27 13:30 - 00000000 ____D () C:\Users\kami\Desktop\4Navi
2015-04-08 03:21 - 2011-11-01 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
2015-04-08 03:21 - 2010-12-03 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interactive Brokers
2015-04-08 02:31 - 2013-03-26 17:30 - 00000000 ____D () C:\Users\kami\Documents\Garmin
2015-04-08 02:31 - 2012-06-02 12:42 - 00000000 ____D () C:\Users\kami\AppData\Local\Garmin
2015-04-08 02:31 - 2010-12-09 02:14 - 00000000 ____D () C:\Users\kami\AppData\Roaming\GARMIN
2015-04-08 02:31 - 2010-12-09 01:44 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-08 02:31 - 2010-12-08 23:11 - 00000000 ____D () C:\ProgramData\GARMIN
2015-04-08 02:31 - 2010-12-08 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-08 02:28 - 2013-02-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasternGraphics
2015-04-08 02:28 - 2011-01-29 11:56 - 00000000 ____D () C:\Program Files (x86)\EasternGraphics
2015-04-08 01:09 - 2010-12-10 01:41 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Dropbox
2015-04-08 00:40 - 2010-12-10 01:43 - 00000000 ___RD () C:\Users\kami\Documents\My Dropbox
2015-04-08 00:13 - 2012-08-29 01:12 - 00000000 ____D () C:\Users\kami\Desktop\Alte Firefox-Daten
2015-04-07 21:40 - 2009-07-14 04:34 - 00450771 ____R () C:\windows\system32\Drivers\etc\hosts.20150418-115254.backup
2015-04-07 21:12 - 2011-11-02 21:22 - 00000000 ____D () C:\Users\kami\AppData\Roaming\FileZilla
2015-04-07 21:12 - 2011-08-27 21:49 - 00000000 ____D () C:\Users\kami\AppData\Roaming\Skype
2015-04-07 11:40 - 2014-11-09 19:16 - 00000000 ____D () C:\Program Files (x86)\MINEA
2015-04-07 11:18 - 2015-02-15 16:36 - 00000000 ___HD () C:\ProgramData\{5EE865C2-E8FF-4231-A2B8-0188FEFBCE3D}
2015-04-06 12:58 - 2014-12-11 17:08 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-06 12:06 - 2011-12-14 20:11 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-03 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-03 02:15 - 2013-12-14 12:10 - 00000000 ____D () C:\windows\PAC7311
2015-04-03 02:12 - 2011-11-17 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2015-04-02 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\schemas
2015-04-02 22:24 - 2014-12-22 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psynetic
2015-03-23 15:12 - 2011-11-01 11:58 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2010-12-29 13:54 - 2011-06-15 19:55 - 0001854 _____ () C:\Users\kami\AppData\Roaming\GhostObjGAFix.xml
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\kami\AppData\Roaming\HnmIsEN3HeBGjmHRcutCSbAF6p
2014-07-07 22:50 - 2014-07-07 22:50 - 0038444 _____ () C:\Users\kami\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2014-07-07 22:46 - 2014-07-07 22:46 - 0038441 _____ () C:\Users\kami\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-04-02 01:49 - 2015-04-02 17:18 - 0005632 _____ () C:\Users\kami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-08 22:13 - 2013-05-08 22:13 - 0004096 ____H () C:\Users\kami\AppData\Local\keyfile3.drm
2010-12-08 03:36 - 2010-12-08 03:50 - 0448206 _____ () C:\Users\kami\AppData\Local\MODup-Log.txt
2010-12-03 03:23 - 2015-04-17 22:41 - 0007620 _____ () C:\Users\kami\AppData\Local\Resmon.ResmonCfg
2012-12-20 00:05 - 2012-12-20 00:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-31 12:48 - 2010-12-31 12:48 - 0208552 ____R () C:\ProgramData\DeviceManager.xml.rc4
2010-12-04 12:11 - 2012-11-27 20:04 - 0017022 _____ () C:\ProgramData\hpzinstall.log
2013-01-18 03:59 - 2013-01-18 03:59 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-02-20 23:07 - 2013-02-20 23:07 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\Users\kami\REG4DigiFoto_Hilfedatei.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

NoMW! · 20.04.2015, 18:33

Schritt 3 Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by kami at 2015-04-20 19:24:05
Running from C:\Users\kami\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Office-Drive Manager (HKLM-x32\...\1&1 Office-Drive Manager) (Version: 2.0.687 - 1&1 Internet AG)
3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Sprint (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.33417 - ABBYY Software House)
ABBYY FineReader 6.0 (HKLM-x32\...\{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}) (Version: 6.0.759.29421 - ABBYY Software House)
Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
ArcSoft PhotoImpression (HKLM-x32\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version:  - )
Avery Wizard 3.1 (HKLM-x32\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
C4340 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CFX Trader (HKLM-x32\...\{AC5E101F-8D42-406B-BFC0-7B906879F705}) (Version: 2.52.12.0 - CFX Broker)
CoP Outlook Plugin (HKLM-x32\...\{CBB9BD2B-C3FA-413F-9913-924EFFCE9CCC}) (Version: 4.11.1 - SMC Software Management Consulting)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP Server (HKLM-x32\...\CoreFTPServer) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Center 2 (HKLM-x32\...\Data Center 2) (Version:  - Sigma Elektro GmbH)
DataCenter2 (HKLM-x32\...\DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1) (Version: 2.0.2 - Sigma Elektro GmbH)
DataCenter2 (x32 Version: 2.0.2 - Sigma Elektro GmbH) Hidden
DDBAC (HKLM-x32\...\{78F6AFE2-A4F3-4AE1-A710-9FD5758C2EB0}) (Version: 5.3.26 - DataDesign)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.9 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doodle Outlook Connector (HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\...\33030675DC63B8C8D12A223C2017505053D50B01) (Version: 1.2.0.0 - Doodle AG)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Copy Utility (HKLM-x32\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version:  - )
EPSON Photo Print (HKLM-x32\...\{D379964B-685C-44D5-AE46-C953A9FEEA14}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.4 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Folder Marker v 1.4 (HKLM-x32\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.30 Update (HKLM-x32\...\{BD9FCA8B-7692-42BD-9AF3-88346B436CB0}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT v9 (HKLM-x32\...\{29EA075F-2C61-472F-B01D-80E8D8F023F1}) (Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland v3 (HKLM-x32\...\{AE255C55-E0CF-4591-AA86-CAA19AA32C53}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Geberit ProPlanner 2013 R2 (HKLM-x32\...\{D06C9C18-D361-486A-9E6D-DBAFF1266028}) (Version: 3.3.000 - Geberit Verwaltungs AG)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haufe Formular-Manager (HKLM-x32\...\{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}) (Version: 11.01.03.0001 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{F3A444B0-3BF9-11E1-A2DD-005056B12123}) (Version: 12.01.11.8176 - Haufe)
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{DE637160-7A1C-4F73-B1AB-4300AE2C2DDE}) (Version: 3.1.3 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart C4340 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{20B8FE13-36FB-47A8-B43C-4BD23B36ADB2}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{5CEE98FB-1963-4662-A780-410DA4533D53}) (Version: 1.0.35.187 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F4877}) (Version: 1.0.1.62 - DeviceVM, Inc.)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F48E3}) (Version: 1.0.1.74 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}) (Version: 8.2.4130.3367 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.1 - Sonix)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Image Transfer (HKLM-x32\...\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}) (Version:  - )
ImageMixer for Sony (HKLM-x32\...\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Card Security for HP ProtectTools (HKLM\...\{F4477CC0-7293-414A-93BC-20EE897A80F0}) (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{1C227C2E-2295-4820-87B1-4B13E98E6C66}) (Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{607D1882-6E4E-4861-BAA3-16B12FA21C73}) (Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
Lexware online banking V 2.39 (HKLM-x32\...\{66017349-81C8-48C3-B0E2-704DB146D70F}) (Version:  - )
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LTplus architektur (HKLM-x32\...\{8E93D569-667D-4845-A677-B9FC54AFE9F2}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus architektur (HKLM-x32\...\{FAA933B5-F74F-4841-AA49-9735D6DD4256}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus EnEV 2010 (HKLM-x32\...\{BF024BF3-9FE5-4417-AA04-16A5FF937931}_is1) (Version:  - ArchitektenInitiative e.V.)
LTplus SketchUP Plugin 7.1 (HKLM-x32\...\LTplus SketchUP Plugin 7.1) (Version: 7.1 - ArchitektenInitiative e.V.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Markets-pro Trading Plattform (HKLM-x32\...\Markets-pro Trading Plattform) (Version: 1.0.0.0 - Information Internet)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}) (Version: 4.0.1679 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
MySQL Workbench 5.2 CE (HKLM-x32\...\{455D9FD3-2AB6-44E0-BF49-B9E13911401A}) (Version: 5.2.38 - Oracle Corporation)
NDAS-Software 3.20.1523 (64-bit Windows) (HKLM\...\{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}) (Version: 3.20.1523 - XIMETA, Inc.)
Netzwerkaufzeichnungs-Player (HKLM-x32\...\{77A9065F-823B-4CDD-B28B-F340B69B62E3}) (Version: 28.4.0.14953 - Cisco WebEx LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
P1670 Referenzhandbuch (HKLM-x32\...\P1670 Referenzhandbuch) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfforge Toolbar v6.6 (HKLM-x32\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
PS_AIO_03_C4340_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM-x32\...\{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}) (Version: 1.1.240 - QUALCOMM)
Quicken 2011 - ServicePack 4 (HKLM-x32\...\{9DC1A9BA-070A-455F-8AC3-62587524ADFB}) (Version: 18.04.00.0123 - Haufe-Lexware GmbH & Co KG)
Quicken DELUXE 2004 (HKLM-x32\...\InstallShield_{00F115CE-9BDD-4729-9122-2476CD02856B}) (Version: 11.00.0000 - Lexware)
Quicken DELUXE 2004 (x32 Version: 11.00.0000 - Lexware) Hidden
Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server Jubiläumsversion (HKLM-x32\...\{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}) (Version: 20.30.00.0099 - Haufe-Lexware GmbH & Co.KG)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Richtig_Kontieren_von_A_Z (HKLM-x32\...\{83F8B710-715B-47B6-AD4D-036280EC269B}) (Version: 16.0.0.0 - Haufe-Lexware GmbH & Co. KG)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.14.00.05 - RICOH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
SketchUp 2014 (HKLM-x32\...\{D71C0CA7-A245-4CB7-A958-7DB3377602AE}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM-x32\...\SmartToolsFalz & Lochmarken-Assistentv7.00) (Version: v7.00 - SmartTools Publishing)
SmartTools Publishing • Word Sonderzeichen-Assistent (HKLM-x32\...\SmartToolsSonderzeichen-Assistentv2.00) (Version: v2.00 - SmartTools Publishing)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Softi FreeOCR (HKLM-x32\...\{ABBACAD2-4DAF-490E-932B-E330B33FCF98}) (Version: 2.6.0 - Softi Software)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.5.6 - Sony Ericsson Mobile Communications AB)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.28.138 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trader Workstation 4.0 (HKLM-x32\...\Trader Workstation 4.0) (Version:  - )
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TZ-EasyBuch Start  (HKLM-x32\...\TZ-EasyBuch Start) (Version:  - Thomas Zeh)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VCDS PCI 11.11 (HKLM-x32\...\VCDS PCI) (Version: PCI 11.11 - PCI Diagnosetechnik GmbH & Co. KG)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.108.29105 - Vodafone)
vtiger CRM Office Plug-in 5.0.4 (HKLM-x32\...\{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}) (Version:  - )
vtiger CRM Outlook plugin 2.1 (64-bit) (HKLM\...\vtiger CRM Outlook plugin 2.1 (64-bit)) (Version:  - Vtiger)
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wertpapieranalyse 2011 (HKLM-x32\...\{F625701A-E55C-47B4-8FC0-52B4FFE306BB}) (Version: 1.00.0003 - Haufe-Lexware GmbH & Co. KG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP 1.7.1 (HKLM-x32\...\xampp) (Version:  - )
XBRL Tool (HKLM-x32\...\{53A2399A-7ECE-4717-9CD0-1C57FD35BBCA}) (Version: 1.9.0 - ITA Systemhaus GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) (HKLM-x32\...\XMLmind XML Editor_is1) (Version: 4.6.0 - XMLmind)
XMLServiceToolV2 (HKLM-x32\...\{0F72FEF7-6E87-49C5-AB0E-FBAFD0E00EF2}) (Version: 2.0.0 - Bundesanzeiger)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-04-2015 13:47:51 Removed PDF Architect
13-04-2015 11:48:42 Windows-Sicherung
13-04-2015 16:55:42 Removed WD My Cloud
13-04-2015 18:12:30 Installed WD Discovery
13-04-2015 18:19:39 WD SmartWare Installer
16-04-2015 09:15:07 Windows Update
16-04-2015 09:45:53 Installed Sonos Controller.
16-04-2015 11:31:08 Windows Update
19-04-2015 10:21:53 Windows Update
19-04-2015 15:43:56 Windows Update
19-04-2015 19:13:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-19 13:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06283FF5-567C-4E7B-902F-4E7A84945D32} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {08498D11-C830-45A6-80E4-B08EC8116490} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1900BDE0-6E60-458D-9BBD-788CDBC6BE8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1BF7F865-DFC4-4BB9-84D0-95A54C4FDCD3} - System32\Tasks\{405953F1-54EC-4820-B1B7-CB52898624C4} => pcalua.exe -a C:\Users\kami\Downloads\USBDrivers_23.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {1CDAC75A-A1BB-4D04-9630-64A18F451B58} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1D3A14F6-6594-4D40-A055-303C7DBB67DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {41DDAF3D-7352-4F37-8E87-8CB214F157FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {4872684A-CC41-4E96-90EE-23B6B7C308FE} - System32\Tasks\{F6F71C2E-4C20-44B7-9DDD-C0E18F922370} => pcalua.exe -a C:\Users\kami\Downloads\jxpiinstall.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {529BD07D-ACE0-4638-AA71-CA5A93B28ED8} - System32\Tasks\{4E98F3FB-7896-4058-BD13-823D6945B38F} => pcalua.exe -a "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE\SETUPW2K.EXE" -d "C:\Users\kami\Documents\My Projects\Zyste\Kiefer-CT\DV31\DE_DE"
Task: {53BD8261-DF20-4254-A0A5-09F7295623AB} - System32\Tasks\{A20C8E88-8BEE-43D1-80E4-CCA6A63FD689} => pcalua.exe -a C:\Users\kami\Downloads\zumo550_440.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {575A5CCE-D922-435E-8CE5-6B9A47BBA28B} - System32\Tasks\{7EE4D7BA-9010-475C-AD3D-4149B76B04A0} => pcalua.exe -a "C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe" -d "C:\Program Files (x86)\ElsterFormular\bin" -c --zeigeDlg
Task: {60AEE8DF-D87A-424E-8D37-F357C03B19B1} - System32\Tasks\{BEE6F6BC-7E4E-4156-B456-4BC6B32E9CFC} => pcalua.exe -a C:\Users\kami\Downloads\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\kami\Desktop
Task: {64EE2590-8AD0-4CF8-9776-19F80B91032C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {768DF770-0874-4AAD-901E-3FEA36209A02} - System32\Tasks\{3FB10DA3-D217-4D1D-A771-73D471FA49B1} => pcalua.exe -a G:\BMW-Diagnose\LuPeDi-CD\VMware-player-4.0.1-528992.exe -d G:\BMW-Diagnose\LuPeDi-CD
Task: {76A33DD5-687B-4858-B2A4-EF9C08D5F959} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7B8CFA59-807A-4655-9875-EEDEC70E3777} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7F761247-E1AF-4456-9207-4A11B453F630} - System32\Tasks\{287FC240-3430-4628-A791-173374ACA4CF} => pcalua.exe -a "C:\VAIS GmbH\Equipment\Nikon Coolpix P500\F-P500-V11W.exe" -d "C:\VAIS GmbH\Equipment\Nikon Coolpix P500"
Task: {88A4FA0C-9E4A-4A24-977F-CE990BA1AA65} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CF46AA4-9CC9-4A74-A0F9-0F9E299AA524} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A57C7A01-277D-4D15-A4BA-CA7D721817C4} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {B6886E16-78D2-4BA2-80D7-69A8EB0BF45A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B6C8C5F6-F6C7-45BA-9BFC-AF612B65BE58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {B8EE803A-E92F-43C6-A773-8374447A3E11} - System32\Tasks\{0F2BF6C1-C062-480F-84CD-9A531DDBA372} => pcalua.exe -a C:\LTplusCAD\LTplus.exe -d C:\LTplusCAD -c /B ltsetup.scr
Task: {C4A17781-6F9D-4116-8E58-1B051E5EAF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C58C3221-9713-4F19-923F-50E5674D7145} - System32\Tasks\{74EF2365-0D63-4583-9BCC-2FD89228B725} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP.exe -d C:\Users\kami\Downloads
Task: {C720A7E1-77FD-4AEF-9B54-2E57F75F3D47} - System32\Tasks\{CBD9BC13-72E0-4024-900F-DB43F8C2D5BF} => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Task: {CFFFD4B8-026B-46E1-967C-E0B39FB0F775} - System32\Tasks\{1543AE92-FCE4-4364-A7D8-1EA7D9234B81} => pcalua.exe -a C:\Users\kami\Downloads\LTplus_SketchUP(1).exe -d C:\Users\kami\Downloads
Task: {E027C661-49DA-4A77-9278-0DBAA1B3D060} - System32\Tasks\{DE6BC2ED-4D34-4602-AE3C-3357C8C96680} => pcalua.exe -a D:\setup_vmc_lite.exe -d D:\ -c /checkApplicationPresence
Task: {E9651246-1E99-43D6-9CC2-835C1554CE73} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E9BD553D-0254-4BBF-9838-026B9A4DD3D6} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {ED2C4FF2-1097-4757-B28C-B590AB00AB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {F1174B2C-0522-44F4-ACB9-C9A13ED06D3B} - System32\Tasks\HPCeeScheduleForkami => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {F75C495F-1484-4C60-AF41-CB80528A9C41} - System32\Tasks\{AD831500-7CCF-4C8A-B6EE-42468807CDEE} => pcalua.exe -a C:\Users\kami\Downloads\sp57708.exe -d C:\Users\kami\Downloads
Task: {F769D86F-0104-4FE3-9AE9-F4C5A98E43B5} - System32\Tasks\Trader Workstation Update => C:\Jts\WiseUpdt.exe [2006-11-08] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffdf66526ee7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForkami.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-23 00:29 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2013-08-23 00:29 - 2006-02-22 10:39 - 00020480 _____ () C:\windows\System32\FritzPort64.dll
2012-07-03 11:51 - 2011-04-02 16:05 - 00290304 _____ () C:\windows\System32\HP1100LM.DLL
2012-07-03 11:53 - 2011-04-02 16:04 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-01-11 02:05 - 2012-01-11 02:05 - 00071024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe
2009-03-16 13:29 - 2009-03-16 13:29 - 06562432 _____ () c:\xampp\mysql\bin\mysqld.exe
2009-05-08 16:41 - 2009-05-08 16:41 - 05750784 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\mysql\bin\mysqld-nt.exe
2011-02-03 22:39 - 2010-04-21 10:59 - 00058880 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_x64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00073728 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.exe
2011-02-04 00:36 - 2008-12-02 14:21 - 00041984 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_ex.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-08 19:32 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-09-12 18:02 - 2011-09-12 18:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2015-04-20 18:40 - 2015-04-20 18:40 - 00165376 _____ () C:\Users\kami\Desktop\SystemLook_x64.exe
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () c:\xampp\apache\bin\zlib1.dll
2007-02-04 11:14 - 2007-02-04 11:14 - 00020687 _____ () C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () c:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () c:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () c:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () c:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () c:\xampp\apache\bin\pxlib.dll
2008-01-07 17:47 - 2008-01-07 17:47 - 00721095 _____ () C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00103792 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-01-11 01:57 - 2012-01-11 01:57 - 00071024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00032112 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00054640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00017264 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-01-11 01:50 - 2012-01-11 01:50 - 00832880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-01-11 01:50 - 2012-01-11 01:50 - 00161136 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-01-11 02:05 - 2012-01-11 02:05 - 00075120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00019312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00029552 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00083312 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00021360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00107888 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2012-01-11 02:05 - 2012-01-11 02:05 - 00037744 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00021360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00014192 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026480 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020848 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010608 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00026992 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00020336 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00140656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00058736 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011120 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00011632 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-01-11 01:57 - 2012-01-11 01:57 - 00013680 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00010096 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00341360 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00013168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-01-11 04:08 - 2012-01-11 04:08 - 00012656 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2010-10-14 06:38 - 2010-10-14 06:38 - 00583168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-01-11 04:07 - 2012-01-11 04:07 - 00062832 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-01-11 04:07 - 2012-01-11 04:07 - 00271728 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () C:\xampp\apache\bin\zlib1.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00166912 _____ () C:\xampp\apache\bin\libmcrypt.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 02076672 _____ () C:\xampp\apache\bin\LIBMYSQL.dll
2009-02-25 16:54 - 2009-02-25 16:54 - 00464172 _____ () C:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () C:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () C:\xampp\apache\bin\pxlib.dll
2009-05-08 16:41 - 2009-05-08 16:41 - 02076672 _____ () C:\Program Files (x86)\vtigercrm-5.3.0\apache\bin\LIBMYSQL.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00168280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMBIOSController.dll
2015-04-08 19:32 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2011-02-03 22:39 - 2010-04-21 11:00 - 00058368 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
2015-04-08 19:32 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2015-04-08 19:32 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2011-01-05 15:01 - 2011-01-05 15:01 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2011-02-04 00:36 - 2010-11-19 06:49 - 00781312 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll
2011-02-04 00:36 - 2010-09-30 10:14 - 00055296 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_03.dll
2011-03-29 21:58 - 2002-10-16 20:20 - 00012288 _____ () C:\Program Files (x86)\Sony Corporation\Image Transfer\SonyTray.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00602624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00355328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00130048 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll
2010-03-13 05:27 - 2010-03-13 05:27 - 00136040 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00015360 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00014848 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 01601536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00311296 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00483328 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00059904 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll
2010-03-13 05:26 - 2010-03-13 05:26 - 00195584 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll
2010-03-13 05:24 - 2010-03-13 05:24 - 00573440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00045056 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00005120 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll
2010-03-13 05:25 - 2010-03-13 05:25 - 00015872 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-10 03:58 - 2010-02-10 03:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479338598-3314396831-1710804073-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kami\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2004 Zahlungserinnerung.lnk => C:\windows\pss\Quicken 2004 Zahlungserinnerung.lnk.CommonStartup
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== Accounts: =============================

Administrator (S-1-5-21-2479338598-3314396831-1710804073-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2479338598-3314396831-1710804073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2479338598-3314396831-1710804073-1004 - Limited - Enabled)
Hotel (S-1-5-21-2479338598-3314396831-1710804073-1007 - Limited - Enabled) => C:\Users\Hotel
kami (S-1-5-21-2479338598-3314396831-1710804073-1003 - Administrator - Enabled) => C:\Users\kami
RF (S-1-5-21-2479338598-3314396831-1710804073-1005 - Limited - Enabled) => C:\Users\RF
Sonos (S-1-5-21-2479338598-3314396831-1710804073-1016 - Limited - Enabled)
Vais (S-1-5-21-2479338598-3314396831-1710804073-1006 - Administrator - Enabled) => C:\Users\Vais

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2015 06:34:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/20/2015 06:34:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/20/2015 10:39:19 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (04/20/2015 09:34:57 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/20/2015 09:34:55 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/20/2015 09:33:52 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/20/2015 09:33:48 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (04/19/2015 10:37:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (04/20/2015 07:02:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Wireless Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2015 07:02:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/20/2015 06:59:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/20/2015 06:59:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (04/20/2015 06:59:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/20/2015 06:58:46 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{a9fc5730-ef3b-11df-8de1-806e6f6e6963}" können nicht gelesen werden.

Error: (04/20/2015 06:58:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CdaC15BA" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (04/20/2015 06:58:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\windows\SysWow64\drivers\CDAC15BA.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/20/2015 06:58:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎04.‎2015 um 18:48:12 unerwartet heruntergefahren.

Error: (04/20/2015 06:45:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\windows\System32\bcmihvsrv64.dll


Microsoft Office Sessions:
=========================

Firefox durch Werbung unbrauchbar, viele Internet Explorer Prozesse

Plagegeister aller Art und deren Bekämpfung: Firefox durch Werbung unbrauchbar, viele Internet Explorer Prozesse