Pests of all kinds and how to fight them: Annoying popups, videos, and Anyprotect and Mystartserac constantly installing themselves
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
11.06.2015, 18:23 | #1 |
Annoying popups, videos, and Anyprotect and Mystartserac constantly installing themselves

Hi everyone. I have the following problem. 2 days ago I updated my Opera. Since then I have been pestered by annoying ads (popups, video, etc.), and on top of that Anyprotect and mystartserac keep spreading themselves across my PC without my wanting it. I keep trying to wipe them out with Revo Uninstaller, but they always come back. I no longer know what to do. Here is an FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Spieler (administrator) on HEIKEHARDER-HP on 11-06-2015 19:03:38
Running from C:\Users\Spieler.HeikeHarder-HP\Downloads
Loaded Profiles: Heike Harder & Spieler & UpdatusUser & Gast (Available Profiles: Heike Harder & Spieler & UpdatusUser & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\shopperz\csrcc.exe () C:\Program Files\shopperz\Jmahzov.exe () C:\Program Files\shopperz\Huyde.exe () C:\Program Files\shopperz\Huyde64.exe () C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nst47C2.tmp () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files\shopperz\Jvpmajlij.exe (LULU Software) C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Akamai Technologies, Inc.) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Akamai Technologies, Inc.) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor) HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe [434024 2015-06-07] () HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Huyde64.exe [464744 2015-06-07] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Users\Heike Harder\Documents\Downloads\Creative Suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Aeria Ignite] => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [ConvertAd] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\ConvertAd\ConvertAd.exe HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.) HKLM-x32\...\Run: [WinCheck] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844131-1016-BFEA-A7801F358095\bnsm4065.exe [359936 2015-06-05] () HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\Run: [Klebezettel NG] => [X] HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\MountPoints2: {5b54d4cf-1aaf-11e0-874c-806e6f6e6963} - E:\pcb6_German.exe HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Akamai NetSession Interface] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Klebezettel NG] => [X] HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [vm6] => C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe [175424 2014-03-19] () HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Amazon Music] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [DriverMax] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8833400 2015-03-17] (Innovative Solutions) HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [DriverMax_RESTART] => [X] HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\Run: [DriverMax] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8833400 2015-03-17] (Innovative Solutions) HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\Run: [DriverMax_RESTART] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8833400 2015-03-17] (Innovative Solutions) HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\Run: [Klebezettel NG] => [X] HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\MountPoints2: {5b54d4cf-1aaf-11e0-874c-806e6f6e6963} - E:\start.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-02-01] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-02-11] () Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] () Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] () ShellIconOverlayIdentifiers: [CloudIcon_DOWNLOAD] -> {C3DBFBE2-A521-4619-9F32-502318CB4EC2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_ERROR] -> {851C758E-C636-4045-B323-059931A3A331} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_INSYNC] -> {580030D3-492E-45EA-A1C9-A0AC525BEB26} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_REFRESH] -> {FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_UPLOAD] -> {EBED3602-8915-43F9-81F7-CAA6FC4F70D6} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled ProxyServer: [.DEFAULT] => http=127.0.0.1:60245;https=127.0.0.1:60245 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1433876453&z=6d4a45aed76e3f37086c6f5g4z7c9c5b0mbq2z4wdo&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1433876453&z=6d4a45aed76e3f37086c6f5g4z7c9c5b0mbq2z4wdo&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1433962659&z=b7856f5c752ac150c29534egfz8cac7t6q4o0q6w0t&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1433962659&z=b7856f5c752ac150c29534egfz8cac7t6q4o0q6w0t&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1433876453&z=6d4a45aed76e3f37086c6f5g4z7c9c5b0mbq2z4wdo&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1433876453&z=6d4a45aed76e3f37086c6f5g4z7c9c5b0mbq2z4wdo&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1433962659&z=b7856f5c752ac150c29534egfz8cac7t6q4o0q6w0t&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1433962659&z=b7856f5c752ac150c29534egfz8cac7t6q4o0q6w0t&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&q={searchTerms} 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1433842124&z=89478603cacbd1f2960845fgdz1c3cdbdz6o5gfo2c&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1433842124&z=89478603cacbd1f2960845fgdz1c3cdbdz6o5gfo2c&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=17372c46-39f1-4c28-8f8c-b25d9b57d042&searchtype=ds&q={searchTerms}&installDate=05/04/2013 HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=17372c46-39f1-4c28-8f8c-b25d9b57d042&searchtype=ds&q={searchTerms}&installDate=05/04/2013 HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://blekko.com/ws/?source=017d87aa&toolbarid=blekkotb_020&u=20120429A1C949BDB74ACAEEDA80B3FC&tbp=homepage HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1433876453&z=6d4a45aed76e3f37086c6f5g4z7c9c5b0mbq2z4wdo&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1433876453&z=6d4a45aed76e3f37086c6f5g4z7c9c5b0mbq2z4wdo&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\Software\Microsoft\Internet Explorer\Main,Start 
Page = hxxp://www.bigseekpro.com/hypercam/{61D7ABD8-C559-4848-85E9-8085D2F49E0E} HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK/4 HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://blekko.com/ws/?source=017d87aa&toolbarid=blekkotb_020&u=20120429A1C949BDB74ACAEEDA80B3FC&tbp=homepage HKU\S-1-5-21-2355925718-3238339638-3018866954-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 HKU\S-1-5-21-2355925718-3238339638-3018866954-501\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK/4 HKU\S-1-5-21-2355925718-3238339638-3018866954-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 URLSearchHook: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File URLSearchHook: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File URLSearchHook: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File URLSearchHook: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 - (No Name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No File URLSearchHook: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - No File SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> 
Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} SearchScopes: HKU\.DEFAULT -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\.DEFAULT -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\.DEFAULT -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/hypercam/{61D7ABD8-C559-4848-85E9-8085D2F49E0E}?q={searchTerms} SearchScopes: HKU\S-1-5-20 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> Plasmoo URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> 
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {78EED61A-6EE4-44FF-BEC0-A41DDCD5D13E} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {8389FA95-7BD2-47FF-947C-FBD5B055FEE2} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = 
hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {A61A117D-F271-47A4-86B4-A16985096ADF} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {B77B74EE-2F20-43F2-A4BF-16DACDBC34EB} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433842141&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433962686&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = 
hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433962686&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433962686&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433962686&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433962686&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433962686&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&ts=1433962686&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> Plasmoo URL = 
hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434 SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/ws/?source=017d87aa&tbp=rbox&toolbarid=blekkotb_020&u=20120429A1C949BDB74ACAEEDA80B3FC&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {78EED61A-6EE4-44FF-BEC0-A41DDCD5D13E} URL = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=0851B858-91A0-4267-A19E-93D9222E4961&apn_sauid=2ABEA026-E4A1-49B0-8CF6-BF03C8E3ABF1 SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {8389FA95-7BD2-47FF-947C-FBD5B055FEE2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={ADBFAEBF-3188-4F7E-9C70-E26D374DDAA2}&mid=9aa297324e8247d1ab0dbd2b2b780e56-23e21bbdfdbf2f14c19b5c0abd64a6799e478410&lang=de&ds=is015&pr=sa&d=2012-02-16 10:19:27&v=12.2.5.32&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/hypercam/{ED21B813-9355-4B94-ADDB-F42FB2F374D7}?q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 
-> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {A61A117D-F271-47A4-86B4-A16985096ADF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=69cd63a0-3040-4717-a6b4-9e129c79295d&apn_sauid=39299AE4-06E8-4699-AB8D-F9E396486B69 SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {B77B74EE-2F20-43F2-A4BF-16DACDBC34EB} URL = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc= SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://eu.ask.com/web?l=dis&o=APN10020&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A4G &apn_uid=0320198552744229&p2=^A4G ^YYYYYY^YY^DE&q={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files\Java\jre7\bin\ssv.dll [2014-09-30] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll [2015-06-07] () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-30] (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-11] (RealPlayer) BHO-x32: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) 
BHO-x32: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi.dll [2015-06-07] ()
BHO-x32: Soda PDF 2012 Helper -> {ebe8b562-cba0-40d8-b920-af7cfe0c9d94} -> C:\Program Files (x86)\Soda PDF 2012\PDFIEHelper.dll [2012-01-27] (LULU Software)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-13] (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - !!{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Soda PDF 2012 Toolbar - {a8c9d542-fd91-4834-a2e8-adb9ae692b8b} - C:\Program Files (x86)\Soda PDF 2012\PDFIEPlugin.dll [2012-01-27] (LULU Software)
Toolbar: HKLM-x32 - No Name - !!{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKU\.DEFAULT -> No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> No Name - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> No Name - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> No Name - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> No Name - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1012 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1433839150&z=896e5b047982f8f49d7236eg2z9c6cdb1c8t6g7w3o&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612

FireFox:
========
FF ProfilePath: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[2014-09-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-05-11] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2355925718-3238339638-3018866954-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Spieler.HeikeHarder-HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF user.js: detected!
=> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\user.js [2015-06-09]
FF Extension: WEB.DE MailCheck - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\toolbar@web.de.xpi [2014-01-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-25]
FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF Extension: shopperz - C:\Program Files\shopperz\Firefox [2015-06-09]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\Firefox\Extensions: [addlyrics@addlyrics.net] - C:\Program Files (x86)\AddLyrics\FF
FF HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\Firefox\Extensions: [addlyrics@addlyrics.net] - C:\Program Files (x86)\AddLyrics\FF
FF Extension: No Name - C:\Program Files (x86)\Better-Surf\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-08]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha718\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1479\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3700\ff [not found]
FF Extension: No Name - C:\Program Files
(x86)\MediaViewV1\MediaViewV1alpha9390\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\SuperLyrics\FF [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta541\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha701\ff [not found]
FF Extension: No Name - C:\Program Files\Video downloader\Firefox [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\4433da5b-eb52-495d-8865-b2a7468567f6@927544a3-fdfb-4485-a78b-21e1113eee35.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\crossriderapp2258@crossrider.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@babylon.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@funmoods.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\lightningnewtab@gmail.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{17372c46-39f1-4c28-8f8c-b25d9b57d042} [not found]
FF Extension: No Name -
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Opera:
=======
OPR Extension: (DVDVideoSoft) - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-02]
OPR Extension: (Adblock Plus) - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-08-26]
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.mystartsearch.com/?type=sc&ts=1433839150&z=896e5b047982f8f49d7236eg2z9c6cdb1c8t6g7w3o&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-01] (Adobe Systems) [File not signed]
S4 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co.
KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 csrcc; C:\Program Files\shopperz\csrcc.exe [1448808 2015-06-07] ()
R2 d54b8bbd-6b74-4d90-b801-8120aa8b2438; C:\Program Files\shopperz\Jmahzov.exe [285544 2015-06-07] ()
R2 DokanMounter; C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [14848 2012-02-15] () [File not signed]
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-01-27] (Macrovision Europe Ltd.) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-06] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 kysykiti; C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp [147456 2015-06-09] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-09] (Electronic Arts)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 qyjuhomu; C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nst47C2.tmp [229376 2015-06-11] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 shopperz Updater; C:\Program Files\shopperz\Jvpmajlij.exe [174440 2015-06-07] ()
S3 Soda PDF 2012 Helper Service; C:\Program Files (x86)\Soda PDF 2012\HelperService.exe [827224 2012-01-27] (LULU Software)
R2 Soda PDF 2012 Service; C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe [905560 2012-01-27] (LULU Software)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 zedepory; C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp [166912 2015-06-09] () [File not signed]
S2 ttsvc; "C:\Program Files (x86)\TermTutor\Service\ttsvc.exe" [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [558592 2007-05-16] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-19] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-05-31] (Cherimoya Ltd)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider)
S3 GrabsterSeries.X64; C:\Windows\System32\DRIVERS\GrabsterSeries.X64.SYS [377152 2010-01-22] ()
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]
S3 iComp; C:\Windows\System32\DRIVERS\p2usbhum.sys [1794112 2009-12-09] (Conexant Systems Inc.)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2015-02-05] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-08-04] () [File not signed]
R1 ttnfd; C:\Windows\System32\drivers\ttnfd.sys [58232 2014-09-04] (Term Tutor)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [493440 2005-10-28] (ZyDAS Technology Corporation)
S3 ZDPSp50a64; C:\Windows\SysWOW64\Drivers\ZDPSp50a64.sys [31744 2005-03-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U3 aemasfhh; C:\Windows\System32\Drivers\aemasfhh.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 connctfy; system32\DRIVERS\connctfy.sys [X]
S3 connctfyMP; system32\DRIVERS\connctfy.sys [X]
S3 cpuz134; \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 toqvakfe; \??\C:\Windows\system32\drivers\toqvakfe.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-11 18:34 - 2015-06-11 18:34 - 00002774 _____ C:\Windows\PFRO.log
2015-06-11 18:34 - 2015-06-11 18:34 - 00000056 _____ C:\Windows\setupact.log
2015-06-11 18:34 - 2015-06-11 18:34 - 00000000 _____ C:\Windows\setuperr.log
2015-06-11 17:48 - 2015-06-11 17:51 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\Santiano
2015-06-11 13:04 - 2015-06-11 13:04 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST-OlderVersion
2015-06-11 10:00 - 2015-06-11 10:00 - 00153880 _____ C:\Users\Heike Harder\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-10 20:58 - 2015-06-10 20:58 - 00613255 _____ (CMI Limited) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\nsjE85C.tmp
2015-06-10 20:57 - 2015-06-10 21:13 - 00000000 ____D C:\ProgramData\MailUpdate
2015-06-10 20:57 - 2015-06-10 20:57 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\MailUpdate
2015-06-10 11:29 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 11:29 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 11:29 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 11:29 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 11:29 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 11:29 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 11:29 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 11:29 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 11:29 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 11:29 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 11:29 - 2015-05-23 05:10
- 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 11:29 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 11:29 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 11:29 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 11:29 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 11:29 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 11:29 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 11:29 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 11:29 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 11:29 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 11:29 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 11:29 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 11:29 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 11:29 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 11:29 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 11:29 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 11:29 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 11:29 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 11:29 - 2015-05-23 04:16 -
01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 11:29 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 11:29 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 11:29 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 11:29 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 11:29 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 11:29 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 11:29 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 11:29 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 11:29 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 11:29 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 11:29 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 11:29 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 11:29 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 11:29 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 11:29 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 11:29 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 11:29 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 11:29 - 2015-05-22 20:40 - 00968704
_____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 11:29 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 11:29 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 11:29 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 11:29 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 11:29 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 11:29 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 11:29 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 11:29 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 11:29 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 11:29 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 11:29 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 11:29 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 11:29 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 11:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 11:24 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 11:24 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 11:24 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 11:24 - 2015-04-29 20:21 -
00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 11:24 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 11:24 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 11:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 11:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 11:23 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 11:23 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 11:23 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 11:23 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation)
C:\Windows\system32\wow64win.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 11:23 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 11:23 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 11:23 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 11:23 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 11:23 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 11:23 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-10 11:23 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-06-10 11:23 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 
00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 
00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-10 11:23 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-10 11:23 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\schannel.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-10 11:23 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-10 11:23 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2015-06-10 11:23 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-10 11:23 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\instnm.exe 2015-06-10 11:23 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-10 11:23 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 11:23 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 11:23 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00613255 _____ (CMI Limited) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\nsnC6FC.tmp 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 __SHD C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\AnyProtectEx 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ C:\Windows\prleth.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ C:\Windows\hgfs.sys 2015-06-09 20:07 - 2015-06-11 03:33 - 00506848 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-09 17:00 - 2015-06-09 19:45 - 00000000 ____D C:\Users\Heike Harder\Documents\The Witcher 3 2015-06-09 15:14 - 2015-06-09 15:14 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Spieler.HeikeHarder-HP\Downloads\revosetup95 (1).exe 2015-06-09 12:19 - 2015-06-09 12:19 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Steam 2015-06-09 12:09 - 2015-06-09 12:09 - 00000000 ____D C:\Users\Heike Harder\AppData\Roaming\Origin 2015-06-09 11:31 - 2015-06-09 11:31 - 00613255 _____ (CMI Limited) C:\Users\Heike Harder\AppData\Local\nsjD2F4.tmp 2015-06-09 10:41 - 2015-06-11 03:33 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job 2015-06-09 10:41 - 2015-06-11 03:33 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job 2015-06-09 10:41 - 2015-06-10 21:18 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job 2015-06-09 10:41 - 2015-06-10 20:58 - 00002832 _____ C:\Windows\System32\Tasks\APSnotifierPP1 2015-06-09 10:41 - 2015-06-10 20:58 - 00002830 _____ C:\Windows\System32\Tasks\APSnotifierPP3 2015-06-09 10:41 - 2015-06-10 20:58 - 00002830 _____ C:\Windows\System32\Tasks\APSnotifierPP2 2015-06-09 10:41 - 2015-06-09 10:41 - 00000000 ____D C:\Windows\SysWOW64\Flash 2015-06-09 10:41 - 2015-06-09 10:40 - 00613255 _____ (CMI Limited) C:\Users\Heike Harder\AppData\Local\nsmA09A.tmp 2015-06-09 10:40 - 2015-06-09 10:40 - 00000000 __SHD C:\Users\Heike Harder\AppData\Roaming\AnyProtectEx 2015-06-09 10:04 - 2015-06-11 18:39 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095 2015-06-09 10:02 - 2015-06-09 10:02 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844131-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2015-06-11 17:34 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2015-06-09 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SimpleFiles 2015-06-09 10:01 - 2015-06-09 10:01 - 00003632 _____ C:\Windows\System32\Tasks\Papuir 2015-06-09 10:01 - 2015-06-09 10:01 - 00000000 ____D C:\Program Files\shopperz 2015-06-09 10:01 - 2015-05-31 10:37 - 00061336 _____ (Cherimoya Ltd) 
C:\Windows\system32\Drivers\cherimoya.sys 2015-06-09 10:01 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-06-09 09:59 - 2015-06-09 09:59 - 03824002 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\reimage_repair_keygen.zip 2015-06-09 09:08 - 2015-06-09 09:09 - 00000156 _____ C:\Windows\Reimage.ini 2015-06-09 09:07 - 2015-06-09 09:08 - 00771872 _____ (Reimage®) C:\Users\Spieler.HeikeHarder-HP\Downloads\ReimageRepair.exe 2015-06-08 23:22 - 2015-06-08 23:06 - 45315620 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\Produce_0.wmv 2015-06-08 16:24 - 2015-06-08 16:35 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\stream musik 2015-06-05 14:23 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 14:23 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 14:23 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-04 22:08 - 2015-06-04 22:14 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server new 2015-06-04 22:08 - 2015-06-04 22:09 - 10174813 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\minecraft_server.1.8.6.exe 2015-06-03 23:21 - 2015-06-03 23:21 - 28683704 _____ (DVDVideoSoft Ltd. 
) C:\Users\Spieler.HeikeHarder-HP\Downloads\FreeVideoToJPGConverter (2).exe 2015-06-03 09:51 - 2015-06-03 09:51 - 00000000 ____D C:\Users\Heike Harder\AppData\Roaming\Avira 2015-05-28 21:19 - 2015-05-28 21:19 - 03716517 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves3ds-software-128.zip 2015-05-28 21:19 - 2015-05-28 13:45 - 03747890 _____ (Datel Design & Development ) C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves_setup_v1.28.exe 2015-05-27 11:22 - 2015-05-27 11:22 - 00684008 _____ (Opera Software) C:\Users\Spieler.HeikeHarder-HP\Downloads\Opera_NI_stable.exe 2015-05-24 20:50 - 2015-06-03 12:24 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\all 2015-05-15 23:29 - 2015-05-15 23:29 - 00001538 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2015-05-15 23:28 - 2015-05-15 23:28 - 36088824 _____ (DVDVideoSoft Ltd. ) C:\Users\Spieler.HeikeHarder-HP\Downloads\FreeYouTubeToMP3Converter.exe 2015-05-15 20:12 - 2015-05-16 12:58 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\pbs 2015-05-14 03:37 - 2015-05-14 03:37 - 00000000 _____ C:\Windows\SysWOW64\shoB6AC.tmp 2015-05-14 03:04 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 03:04 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 10:45 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 10:45 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 10:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 10:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 10:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 10:44 - 2015-04-13 05:28 - 00328704 _____ 
(Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 10:44 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 10:44 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 10:44 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 10:44 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 10:44 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 10:44 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 10:44 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 10:44 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 10:44 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 10:44 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 10:44 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 10:44 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 10:44 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 10:44 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-12 21:00 - 2015-05-12 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition 2015-05-12 20:45 - 2015-05-12 21:00 - 00000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition 2015-05-12 20:45 - 2015-05-12 20:59 - 00000000 ____D C:\Users\Public\Documents\The Witcher ==================== One Month Modified files and folders ======== (If an entry is 
included in the fixlist, the file/folder will be moved.) 2015-06-11 19:03 - 2015-04-01 23:18 - 00053584 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST.txt 2015-06-11 19:03 - 2015-04-01 23:18 - 00000000 ____D C:\FRST 2015-06-11 19:03 - 2013-09-03 22:45 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\TS3Client 2015-06-11 18:44 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 18:44 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 18:36 - 2014-06-24 16:10 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\LogMeIn Hamachi 2015-06-11 18:35 - 2011-03-16 16:37 - 00000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-06-11 18:35 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-11 18:34 - 2015-02-19 17:01 - 00002586 _____ C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c 2015-06-11 18:34 - 2015-02-19 17:01 - 00000308 _____ C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job 2015-06-11 18:34 - 2011-03-09 17:38 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\PDF Software 2015-06-11 18:34 - 2011-01-27 20:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 18:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 18:33 - 2012-06-04 16:38 - 01630025 _____ C:\Windows\WindowsUpdate.log 2015-06-11 18:05 - 2011-01-27 20:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 17:51 - 2011-07-10 23:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\vlc 2015-06-11 16:17 - 2013-01-07 23:41 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft 2015-06-11 14:52 - 2013-01-20 00:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Skype 
2015-06-11 14:51 - 2015-02-17 13:50 - 00002409 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\desmume.ini 2015-06-11 14:50 - 2014-08-28 20:02 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\lp 2015-06-11 13:04 - 2015-04-01 23:18 - 02108928 _____ (Farbar) C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST64.exe 2015-06-11 10:00 - 2014-09-30 21:27 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\LogMeIn Hamachi 2015-06-11 04:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-11 03:41 - 2011-01-07 21:54 - 00799382 _____ C:\Windows\system32\perfh007.dat 2015-06-11 03:41 - 2011-01-07 21:54 - 00188890 _____ C:\Windows\system32\perfc007.dat 2015-06-11 03:41 - 2009-07-14 07:13 - 01903918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 03:38 - 2014-06-03 11:02 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1387178156 2015-06-11 03:38 - 2011-01-27 12:58 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 03:07 - 2013-08-16 09:04 - 00000000 ____D C:\Windows\system32\MRT 2015-06-11 03:02 - 2011-01-31 19:17 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-10 20:57 - 2013-12-16 09:15 - 00001431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 30.lnk 2015-06-10 20:57 - 2011-04-06 19:06 - 00001333 _____ C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-09 21:05 - 2012-09-11 10:43 - 00000000 ____D C:\ProgramData\NexonUS 2015-06-09 20:23 - 2012-06-12 19:26 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 20:23 - 2012-03-07 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 19:45 - 2011-01-07 21:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-06-09 17:00 - 2014-08-06 12:01 - 
00000000 ____D C:\ProgramData\Package Cache 2015-06-09 16:39 - 2014-12-14 18:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\OBS 2015-06-09 14:59 - 2011-01-29 14:11 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\SoftGrid Client 2015-06-09 12:14 - 2011-03-04 12:43 - 00000000 ____D C:\ProgramData\Origin 2015-06-09 12:09 - 2011-07-07 09:25 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\Program Files (x86)\Origin 2015-06-09 11:28 - 2014-09-30 21:27 - 00002555 _____ C:\Users\Heike Harder\Desktop\Google Chrome.lnk 2015-06-09 11:28 - 2011-04-07 08:16 - 00001729 _____ C:\Users\Heike Harder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-09 11:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-09 10:57 - 2011-02-11 12:08 - 00000000 ____D C:\Users\Heike Harder\AppData\Roaming\PDF Software 2015-06-09 10:49 - 2014-06-24 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-09 10:47 - 2015-03-23 17:22 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-09 10:47 - 2015-03-23 17:22 - 00132656 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-08 19:08 - 2015-02-17 13:51 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\Battery 2015-06-08 19:08 - 2014-08-21 22:58 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\uni 2015-06-08 18:49 - 2013-10-04 14:37 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\alles 2015-06-08 15:37 - 2015-05-11 21:44 - 00000512 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\Digimon - Battle Spirit (D, F, E).sav 2015-06-08 15:37 - 2015-03-23 11:31 - 00002441 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\vba.ini 2015-06-08 13:41 - 2014-12-14 18:06 - 00000000 ____D C:\Program Files (x86)\OBS 2015-06-08 11:15 - 2014-12-14 18:06 - 00000000 ____D C:\Program Files\OBS 2015-06-06 03:16 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-06 03:16 - 2014-05-01 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-05 21:35 - 2014-06-25 12:44 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Powersaves3DS 2015-06-04 22:14 - 2015-02-05 11:50 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server 2015-06-04 14:57 - 2011-03-02 15:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\KlebezettelNG 2015-06-03 23:22 - 2015-04-03 11:17 - 00001514 _____ C:\Users\Public\Desktop\Free Video to JPG Converter.lnk 2015-06-03 23:22 - 2015-04-03 11:17 - 00001247 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-06-03 23:21 - 2012-12-30 13:01 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\DVDVideoSoft 2015-06-03 15:36 - 2012-04-06 20:04 - 00000000 ____D C:\ProgramData\Skype 2015-06-03 09:53 - 2012-04-12 13:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-29 11:18 - 2011-01-29 12:51 - 00153880 _____ 
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS 2015-05-27 11:18 - 2012-06-08 18:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Google 2015-05-25 16:25 - 2015-02-20 21:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\Cheats 2015-05-23 14:27 - 2011-01-27 20:36 - 00000000 ____D C:\Program Files (x86)\Google 2015-05-23 12:17 - 2012-04-12 13:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-23 12:17 - 2012-04-12 13:23 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-23 12:17 - 2011-05-23 10:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-23 12:16 - 2014-10-17 07:57 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Adobe 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-21 01:01 - 2014-05-02 14:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Winamp 2015-05-16 12:00 - 2011-01-27 20:36 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-16 12:00 - 2011-01-27 20:36 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 23:29 - 2014-12-08 23:51 - 00000000 ____D C:\Program Files (x86)\Free Codec Pack 2015-05-14 20:57 - 2011-02-16 14:05 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\The Witcher 2015-05-14 03:41 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-14 03:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 03:19 - 2011-01-27 18:45 - 01930536 _____ 
C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-14 03:19 - 2011-01-27 18:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-05-14 03:04 - 2013-03-13 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-14 03:03 - 2013-03-13 16:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-14 03:03 - 2013-03-13 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight ==================== Files in the root of some directories ======= 2014-08-18 16:36 - 2014-08-18 16:56 - 0004608 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-10 20:58 - 2015-06-10 20:58 - 0613255 _____ (CMI Limited) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\nsjE85C.tmp 2015-06-09 21:01 - 2015-06-09 21:01 - 0613255 _____ (CMI Limited) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\nsnC6FC.tmp 2015-03-15 15:52 - 2015-03-15 15:52 - 0001507 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\recently-used.xbel 2014-04-21 13:47 - 2014-04-21 13:47 - 0007600 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Resmon.ResmonCfg 2011-12-22 20:26 - 2011-12-23 17:15 - 0000088 __RSH () C:\ProgramData\674D61C93E.sys 2011-12-22 20:26 - 2012-01-03 22:39 - 0001682 ___SH () C:\ProgramData\KGyGaAvL.sys Some files in TEMP: ==================== C:\Users\Heike Harder\AppData\Local\Temp\avgnt.exe C:\Users\Heike Harder\AppData\Local\Temp\handle.exe C:\Users\Heike Harder\AppData\Local\Temp\sdfC207.exe C:\Users\Heike Harder\AppData\Local\Temp\sdfF0A4.exe C:\Users\Heike Harder\AppData\Local\Temp\Uninstall.exe C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\avgnt.exe C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\fsd6EC4.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 00:44 ==================== End of log ============================ |
11.06.2015, 18:49 | #2 |
/// the machine /// TB Trainer | Annoying popups, videos, and constant self-installation of Anyprotect and Mystartserac Hi,
__________________The Addition.txt from FRST is still missing
__________________ |
11.06.2015, 18:54 | #3 |
| Annoying popups, videos, and constant self-installation of Anyprotect and Mystartserac [QUOTE]Additional
__________________FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015 Ran by Spieler at 2015-06-11 19:52:06 Running from C:\Users\Spieler.HeikeHarder-HP\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2355925718-3238339638-3018866954-500 - Administrator - Disabled) Gast (S-1-5-21-2355925718-3238339638-3018866954-501 - Limited - Disabled) => C:\Users\Gast Heike Harder (S-1-5-21-2355925718-3238339638-3018866954-1001 - Administrator - Enabled) => C:\Users\Heike Harder HomeGroupUser$ (S-1-5-21-2355925718-3238339638-3018866954-1013 - Limited - Enabled) Spieler (S-1-5-21-2355925718-3238339638-3018866954-1007 - Administrator - Enabled) => C:\Users\Spieler.HeikeHarder-HP UpdatusUser (S-1-5-21-2355925718-3238339638-3018866954-1012 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
3RVX (HKLM-x32\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY) Action Replay DSi Code Manager (HKLM-x32\...\Action Replay DSi Code Manager_is1) (Version: - ) Action Replay PowerSaves 3DS Version 1.28 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.28 - Datel Design & Development) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) 
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.12.2400) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.12.2400 - Aeria Games & Entertainment) Hidden Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Akamai NetSession Interface (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon Music (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG) Ashampoo Office 2008 (C:\Program Files (x86)\Ashampoo\Ashampoo Office 2008) (HKLM-x32\...\sm-un1.u32) (Version: - SoftMaker Software GmbH) Ashampoo Photo Commander 7.60 (HKLM-x32\...\Ashampoo Photo Commander 7_is1) (Version: 7.6.0 - ashampoo GmbH & Co. KG) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.10 - Audible, Inc.) Autostart ok-s 2.0 (HKLM-x32\...\{83832C13-FE26-4058-9BEB-89C422F569B3}) (Version: 1.0 - Olaf Koch) Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. 
KG) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden BenVista PhotoZoom Classic 2.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\PhotoZoom Classic 2) (Version: 2.0 - BenVista Ltd) BenVista PhotoZoom Classic 2.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Classic 2) (Version: 2.0 - BenVista Ltd) BenVista PhotoZoom Classic 2.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\PhotoZoom Classic 2) (Version: 2.0 - BenVista Ltd) BenVista PhotoZoom Express 3.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\PhotoZoom Express 3) (Version: 3.0 - BenVista Ltd) BenVista PhotoZoom Express 3.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Express 3) (Version: 3.0 - BenVista Ltd) BenVista PhotoZoom Express 3.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\PhotoZoom Express 3) (Version: 3.0 - BenVista Ltd) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Book Alter (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Book Alter) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.20.0 - Brother Industries, Ltd.) 
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden CCEnhancer 3.2 (HKLM-x32\...\CCEnhancer) (Version: 3.2 - ) CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) COMPUTERBILD App-Center (HKLM-x32\...\{21295604-BBCA-4A3E-B1D1-1B8A746C4A52}) (Version: 1.0.23 - J3S) COMPUTERBILD-Cloud (HKLM\...\COMPUTERBILD-Cloud_is1) (Version: - CyberGhost S.R.L.) Curse Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.01 - Piriform) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.1.46 - INTENIUM GmbH) Die Jade-Münze (HKLM-x32\...\Die Jade-Münze) (Version: 1.0.0.0 - INTENIUM GmbH) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DomainInspect (HKLM-x32\...\DomainInspect) (Version: - AntsSoft) Drakensang 2 Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang 2 Savegame Editor) (Version: - Philipp Jardas) Drakensang Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang Savegame Editor) (Version: - Philipp Jardas) DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.53.0.1091 - Innovative Solutions) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden DVD Video Soft Toolbar (HKLM-x32\...\dvdvideosofttoolbar) (Version: 1.0.0.12 - ) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) 
(Version: 6.9.0.16 - DVDVideoSoftTB) EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts) EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free 3GP Video Converter version 5.0.13.608 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.13.608 - DVDVideoSoft Ltd.) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.21.1212 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.) Free Studio version 6.5.0.219 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.219 - DVDVideoSoft Ltd.) Free Video to JPG Converter version 5.0.59.525 (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.) Free YouTube Download 3 version 3.0.6.715 (HKLM-x32\...\Free YouTube Download 3_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to DVD Converter version 3.0.3.923 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.) 
GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert) Geheimnis von Montezuma (HKLM-x32\...\Geheimnis von Montezuma) (Version: 0.0.0.0 - INTENIUM GmbH) Geheimnis von Montezuma 2 (HKLM-x32\...\Geheimnis von Montezuma 2) (Version: 1.0.0.0 - INTENIUM GmbH) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glitzerndes Troja (HKLM-x32\...\Glitzerndes Troja_is1) (Version: - Contendo Media GmbH) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Harvard Publisher 6.0 (HKLM-x32\...\Harvard Publisher 6.0) (Version: - ) Harvard Publisher 6.0 Inhalts-CD-ROM (HKLM-x32\...\Harvard Publisher 6.0 Inhalts-CD-ROM) (Version: - ) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) 
(Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Hühner-Attacke (HKLM-x32\...\Hühner-Attacke) (Version: 0.0.0.0 - INTENIUM GmbH) Hühner-Rache Deluxe Special (HKLM-x32\...\Hühner-Rache Deluxe Special) (Version: - ) HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC) Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Internet Turbo Engine (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\{28583d9b-8f7d-474c-b990-7328c7428bae}) (Version: 10.197.20.13927 - ReSoft Ltd.) iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.) 
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire II (HKLM-x32\...\Jewel Quest Solitaire II) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire III (HKLM-x32\...\Jewel Quest Solitaire III) (Version: 1.0.0.0 - INTENIUM GmbH) John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Klebezettel NG (Version 2.9.14) (HKLM-x32\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version: - ) Land der Magie (HKLM-x32\...\Land der Magie) (Version: 1.0.0.0 - INTENIUM GmbH) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.) LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc) LookThisUp (HKLM\...\LookThisUp) (Version: 1.0.2 - LookThisUp) <==== ATTENTION! M6 Processing 1.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\M6 Processing) (Version: 1.0 - Pysy Software S.L.) 
Magelo Sync (uninstall only) (HKLM\...\Magelo Sync) (Version: - ) MAGIX Filme auf DVD Download-Version (x32 Version: 9.0.1.2 - MAGIX AG) Hidden MAGIX Video deluxe 17 Download-Version (x32 Version: 10.0.1.14 - MAGIX AG) Hidden Mah Jong Quest (HKLM-x32\...\Mah Jong Quest) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest II (HKLM-x32\...\Mah Jong Quest II) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest III (HKLM-x32\...\Mah Jong Quest III) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Egypt (HKLM-x32\...\Mahjongg – Ancient Egypt) (Version: 1.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Mayas (HKLM-x32\...\Mahjongg – Ancient Mayas) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\Mahjongg Dimensions Deluxe: Tiles in Time) (Version: 1.0.0.0 - INTENIUM GmbH) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{91110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 
8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Moorhuhn Schatzjäger 3 (HKLM-x32\...\Moorhuhn Schatzjäger 3) (Version: 1.00 - phenomedia publishing gmbh) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Mozilla Thunderbird (3.1.7) (HKLM-x32\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 
(de) - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Mystery Solitaire: Secret Island (HKLM-x32\...\Mystery Solitaire: Secret Island) (Version: 0.0.0.0 - INTENIUM GmbH) NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.) paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) PCSUITE ADVISOR (HKLM-x32\...\PCSUITE_ADVISOR_PRO_is1) (Version: - Markement GmbH) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) Penguins! 
(x32 Version: 2.2.0.95 - WildTangent) Hidden PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) Pinball Escape (HKLM\...\UDK-4601a1a3-d3ca-4b8b-99ca-a569081d9943) (Version: - Epic Games, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden Restricted Area (HKLM-x32\...\Restricted Area_is1) (Version: Restricted Area - Master Creating) Retter in der Not (HKLM-x32\...\Retter in der Not) (Version: 1.0.0.0 - INTENIUM GmbH) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RIFT (HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\RIFT) (Version: - Trion Worlds, Inc.) RIFT (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT) (Version: - Trion Worlds, Inc.) RIFT (HKU\S-1-5-21-2355925718-3238339638-3018866954-1012\...\RIFT) (Version: - Trion Worlds, Inc.) RIFT Beta (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT-Beta) (Version: - Trion Worlds, Inc.) 
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: 1.0.0.0 - INTENIUM GmbH)
Scansoft PDF Professional (x32 Version: - ) Hidden
Serif PhotoPlus X2 (HKLM-x32\...\{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}) (Version: 12.0.3.013 - Serif (Europe) Ltd)
Shaiya-DE (HKLM-x32\...\Shaiya-DE) (Version: - )
shopperz 2.0.0.461 (HKLM\...\{d0174004-bb12-464b-b666-9ba9bdbd750a}_is1) (Version: 2.0.0.461 - shopperz)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Soda PDF 2012 (HKLM-x32\...\{A5EB5C60-5303-46C2-ABC8-860D94A8A973}) (Version: 2.0.33.2835 - LULU Software)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)
TileSetMaker (HKLM-x32\...\TileSetMaker) (Version: - )
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software)
TQVault 2.11 (HKLM-x32\...\TQVault_is1) (Version: - bman654)
Treiber-Studio 2013 (HKLM\...\{7660521A-062D-41F5-AA5E-CBA0E0511131}) (Version: 8.0.519 - Publish Data)
Unity Web Player (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
USB Audio/Video Driver (HKLM-x32\...\InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}) (Version: 1.00.0000 - )
USB Audio/Video Driver (x32 Version: 1.00.0000 - ) Hidden
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: 2007.07.3 - )
Video Thumbnails Maker by Scorp (remove only) (HKLM-x32\...\Video Thumbnails Maker) (Version: - )
ViGlance (HKLM-x32\...\ViGlance) (Version: 1001194 - Lee-Soft.com)
Vindictus (HKLM-x32\...\Vindictus) (Version: - )
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Vista Start Menu 3.36 (HKLM-x32\...\Vista Start Menu_is1) (Version: 3.36 - OrdinarySoft)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VP3 Codec Version 3.2.6.1 (HKLM-x32\...\VP3 Codec Version 3.2.6.1) (Version: - )
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.8.9.0 - Winload)
Word Processor Text Wrap (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Word Processor Text Wrap) <==== ATTENTION
XLink Kai Evolution 7 (HKLM-x32\...\{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}) (Version: 7.1.7.7 - Team XLink)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zombie News (HKLM-x32\...\ZombieNews) (Version: 2.7.67 - Time Lapse Solutions) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{b24abb2f-a278-4d8e-953c-24d702c5cd73}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================
10-06-2015 20:58:19 Revo Uninstaller's restore point - mystartsearch uninstall
10-06-2015 20:59:04 Revo Uninstaller's restore point - AnyProtect
11-06-2015 03:00:39 Windows Update
11-06-2015 12:55:08 Revo Uninstaller's restore point - Pando Media Booster
11-06-2015 19:06:40 Revo Uninstaller's restore point - mystartsearch uninstall
11-06-2015 19:10:41 Revo Uninstaller's restore point - AnyProtect

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01A8FBEE-F847-42AC-BA4F-00A1898D52EA} - System32\Tasks\{A1B14BEA-175E-4E8C-BEE2-5DDA0F36CE9D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {07B88545-8678-48F3-A6C7-1FBFFD50D661} - System32\Tasks\{1003CA87-689D-4BA1-9991-D848D14F3F1C} => pcalua.exe -a E:\AUTOSTARTER.EXE -d E:\
Task: {07C3EB77-BAD1-4CE8-A8AC-7F7B2FC0B156} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {099D38D9-347D-4927-A8D6-717739F0B2D9} - System32\Tasks\{7F6DEF33-A300-41FA-A541-DBEC7DD61924} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {0BB09DF1-229E-407A-B1B9-3AC39272E7CB} - System32\Tasks\{2FE07B1C-ECD4-4699-B785-2C1187027CF6} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] ()
Task: {10767F79-86BB-4CBE-A00F-FFEEAF2BB163} - System32\Tasks\{66C961E8-5007-4324-903F-35DBDB476678} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {14001BFE-1F98-4D9A-A750-6AE835038689} - System32\Tasks\{E285D0AD-6380-4D20-A7E3-50700C93908A} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {170BCD56-2CA0-49B4-9F7C-5EBAE2C2D462} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2015-03-17] (Innovative Solutions)
Task: {1759C3E3-2931-441F-8EF6-565E7B4B967C} - System32\Tasks\{AD853451-27EC-49FA-BE81-3E72E4EC04B2} => pcalua.exe -a E:\setup.exe -d E:\
Task: {1BF75E84-A4B3-4CD0-B537-E9B1CEB547A9} - System32\Tasks\{D618E586-8508-4056-B127-BCB49FAA1349} => pcalua.exe -a "C:\Program Files (x86)\Dragon Age\bin_ship\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Dragon Age\bin_ship"
Task: {1CE42E40-BEA3-40D6-B42D-C54E78338C19} - System32\Tasks\{AC8529D0-457C-4858-B446-99E3F2D44A5F} => C:\Program Files\HyperCam 2\HyCam2.exe
Task: {1D253A63-D540-4C66-B6C6-563742BC0F6E} - System32\Tasks\{9CA9B3AA-1AD3-4D26-BB36-A9DA9005BE34} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {1EDA99EA-7455-4F84-A4AD-D1CC2C972E15} - System32\Tasks\{A67E58E4-AE88-49A7-85A6-7453A92EB2A9} => C:\Program Files (x86)\Drakensang Online\thinclient.exe
Task: {228BDEE1-C8C3-4C7F-BEE3-91A0B6F66C2F} - System32\Tasks\{67DA8AEA-6354-42CE-B407-E33C42A282D5} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {23B7FBBE-A7D5-4A34-AD46-060CC765D92E} - System32\Tasks\{7FD504B3-841B-408D-8619-E88E190DA8D6} => C:\Program Files (x86)\Divinity II - Ego Draconis\Divinity_II_Patch_1.03_GERMAN.exe
Task: {245A5C11-D036-4CE3-A206-3D0087FF869D} - System32\Tasks\{85FDF290-C320-404D-84B8-6779231A31E0} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {2521C72D-ACF7-4E0D-9F18-A11B57FE74CC} - System32\Tasks\{68E7106A-FDBD-4F0D-8550-DF8A459AFE69} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {2553768B-2AE4-48DF-A613-C7A4A494EE9C} - System32\Tasks\{9CA5AF8D-3F0F-42C7-BD91-D915420ACFE3} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {29C47B50-5DFF-438F-99CB-706D6E748C95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2BEC5C53-25E2-4659-9513-0C6DC990BD02} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {2D359077-ABF9-455A-A2BD-11A8CA7A3FAE} - System32\Tasks\{C9EE2AD4-524E-414F-A50C-DA6B832B5BF8} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {2F1A4251-378C-4421-97E8-3C7D0897D184} - System32\Tasks\{5C73300B-5FF6-46B9-B37C-1D01610BE815} => pcalua.exe -a E:\3DS_Capture_Card_driver\3ds_driver_setup_(WinXP_Vista_7_8_8.1).exe -d E:\3DS_Capture_Card_driver
Task: {2FACFEC7-8956-4637-BE32-542A810B26F5} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {31A6B50D-488E-4A4A-BE59-F4D33832D8A7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {32D184EF-A82C-44B6-9E6E-23488E1E6F81} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {336613B4-A4E0-4242-B841-6A7B83C0D918} - System32\Tasks\{472CECA2-D1CA-452A-A9CD-2E5F66E02CBF} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2015-03-30] (LogMeIn Inc.)
Task: {38BD3EA0-C784-4ADE-AABD-97FF17CFBBE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3DF64CDE-D27B-4C6D-BDBE-B77C15AE6721} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {42D0900A-C5EC-4543-8898-EF24BA29F137} - System32\Tasks\Papuir => C:\Program Files\shopperz\Asyofakaz.bat [2015-06-07] ()
Task: {42D95011-430F-42F0-A494-B45A84D8E644} - System32\Tasks\{897D3095-7A62-409F-BEF5-A770BF0CF4DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {49C78CDC-889A-45FC-B75C-6600F9966CAB} - System32\Tasks\{79015419-0F92-45C0-8EE4-4E179F736190} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {50806D0A-2107-49B6-A98D-57965254570C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {55C47305-75B5-48A0-908E-0D9AF695E449} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company)
Task: {56506F83-9B43-4450-B403-9696BE10DBD9} - System32\Tasks\{0D8E4BFB-4760-4899-941A-A04A53FD3A39} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {58C2BEB1-2B7A-4C4C-B1A1-AC302CE23429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {5A2C67D9-88D2-4AEC-B074-A4829C40D7C8} - System32\Tasks\{36C8FF93-8BD8-4E30-A5D6-ED25FFEC2812} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {5D92F5D7-5F78-4E3B-AF91-2B41FEE2270B} - System32\Tasks\{4973F1FB-630E-40E2-9C70-88009C1BB43E} => C:\Program Files (x86)\Monte Cristo\Silverfall - Wächter der Elemente - Demo\SilverfallDemo.exe
Task: {5DF0F1DF-816A-4B0D-8969-D28DE8BE9CD6} - System32\Tasks\{1E96FC8D-8C2B-460C-9F54-28CBC2884878} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {71B4D24B-817F-41DE-BE2E-C87686063F41} - System32\Tasks\{500EE935-E46A-4AA0-AD58-8D8A54253987} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {71C80375-1CDC-4DA3-AEB3-2CCF2A77A05B} - System32\Tasks\{2D02A1A1-B88D-4F22-BE09-2AAC6542545D} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {74FB1AD8-296D-4FA7-B1F0-D01E746BCD72} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7537B895-1433-4A0A-B8F3-77C5129BD106} - System32\Tasks\{CC601210-52A7-4E2E-8BE7-E2E5643F0396} => C:\Program Files\HyperCam 2\HyCam2.exe
Task: {839A0A3D-2712-483E-83AE-1B228A4E11D7} - System32\Tasks\Opera scheduled Autoupdate 1387178156 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {8A6FC5E8-EF62-41F8-A8A5-3E3757027530} - System32\Tasks\{C58DA0D1-31F7-475E-BE33-B1F7592A93B5} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {953B319A-52DE-4460-B15C-45ED8C6E5A27} - System32\Tasks\{7BDD7497-A7C0-4293-AC7A-CA49768B3715} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {955B8679-972C-4699-9C2B-4FE7E7281651} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9A3001AE-0F9D-453E-BAFE-78FE333C8D39} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {9EE58FF6-A4F8-4493-89EB-61F5B8006377} - System32\Tasks\{83F7BE8B-3672-4C01-806C-B8D7BADBA939} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7A8A39-9A36-4B20-989E-CFCE33B1E8F2} - System32\Tasks\{EDA016A9-6648-481B-BB50-DF45ED33DA31} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7CA800-2D8A-4033-A94A-9FC9B217E7A7} - System32\Tasks\{412675ED-C224-4FF8-8571-5445803EC050} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AB2859EC-7065-4D93-AE2D-344A32FF0098} - System32\Tasks\{088F98D3-4398-4748-B038-7915992C069D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AC239D12-5FF9-4F16-8A55-EBEBEDA89C6D} - System32\Tasks\{AB9E4B60-D7D4-4489-A561-614D85309523} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {ADC8DFD5-05B7-48C8-A7CC-B236983A1808} - System32\Tasks\{F779D376-AED6-4FEE-B8E4-143428962663} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {B3279C17-9920-4EFF-98BD-52652976909F} - System32\Tasks\{8DB3F366-A097-4A5D-A000-0C16DFFE209E} => C:\Program Files (x86)\JoWooD\SpellForce Demo\SpellForced.exe
Task: {B63FF6D1-52A1-44F6-8079-FC59CAC150F7} - System32\Tasks\{19AA9B0E-513F-411F-8A36-5A48E0FDB28B} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {BE152DD4-9412-404F-975A-AA8027D5757E} - System32\Tasks\{C14076FC-5996-456C-B87D-9D686938FE02} => C:\Program Files (x86)\Datel\WiFi MAX\WM.EXE
Task: {BF2F502A-C412-4289-B7B9-25BBA3E3FE9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company)
Task: {BFA5AF4D-028E-475B-A3B7-2AE64B277C07} - System32\Tasks\{3D75B136-7B65-4B54-B0DB-4CD1368B54AD} => pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {C248182A-7AED-4A14-AA1D-C49D29BC0100} - System32\Tasks\{A4983898-78F0-4A6A-AA6C-34ECA5EC873B} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT\setup.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT
Task: {C3C4839D-E51F-4CC8-8008-55D1A3457968} - System32\Tasks\{2B5D54DC-6890-4BD3-A388-01346A0139FE} => pcalua.exe -a C:\Users\Spieler\Documents\Downlodes\MahjonggArtifacts2.exe -d C:\Users\Spieler\Documents\Downlodes
Task: {C62C9580-EE55-4935-93AC-F8A8A80A7E06} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {C82A8F19-42FF-4733-BFA1-701EEB2196A2} - System32\Tasks\{2EB9F633-1C7D-471B-9D41-7930F7192F42} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe"
Task: {C9E22DA0-7805-4B28-B265-7F0002E168C2} - System32\Tasks\{FAE212E9-0CA9-4EF9-881B-FB56B5519A36} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] ()
Task: {CB364AAC-8A72-4DD4-B732-AA4FB27DADC6} - System32\Tasks\{FD932190-4DCE-4EFB-8275-CCB6841E084C} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {CD7FF6C1-E9D1-4FA5-9131-A6B5D93F3C3C} - System32\Tasks\{B26BBC9F-AC7C-4953-9FA7-CA011047A7F0} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {CEE50F7D-568E-4C99-8A87-4447E08921F9} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D0E886EE-2AB7-4E36-BEDA-B15643EBDA63} - System32\Tasks\{7A4735AA-26B5-4F00-A23A-E669986102AD} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {DC4A8E46-4BBC-43C4-B86A-962F9763E636} - System32\Tasks\{7DD8442C-43A1-46AA-8D56-18DE6AC9AA25} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {DC8D724C-1FC6-4E88-BFA8-431DBC63E82E} - System32\Tasks\{F003A125-9256-4022-8C48-DEA75D2EC1F8} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {DF306A0E-1234-4ED8-87C5-2E79D3A61B6C} - System32\Tasks\{42254E81-80B3-4EBB-A425-E87D1499C5F1} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger\SacredUW_ger_2.21_retail.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger
Task: {E5B5252D-CA06-4DB0-BEE5-3A0D0ED561BD} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-22] (Microsoft Corporation)
Task: {EB112395-5E92-4203-9283-9439B69C0623} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {F0265FC3-20B1-4069-B9C3-B431DE2697DA} - System32\Tasks\{17F06A71-0601-42A9-B5DB-F57D4063A6DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {FCC9FE11-4486-43AD-A901-3B347B5C4622} - System32\Tasks\{C8CA1BFE-1690-4854-B670-51C2140AF22E} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Avatar_The_Game_Demo.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes
Task: {FDB3A3A8-567C-4150-A17A-4444C631180E} - System32\Tasks\{13F537D5-0AB6-4A55-9307-8A4EF1088C32} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2011-04-07 23:19 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-05 20:06 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-06-09 10:01 - 2015-06-07 11:47 - 00297832 _____ () C:\Program Files\shopperz\Xpnsbedno64.DLL
2015-06-09 10:01 - 2015-06-07 11:47 - 01448808 _____ () C:\Program Files\shopperz\csrcc.exe
2015-06-09 10:01 - 2015-06-07 11:47 - 00285544 _____ () C:\Program Files\shopperz\Jmahzov.exe
2015-06-09 10:01 - 2015-06-07 11:47 - 00434024 _____ () C:\Program Files\shopperz\Huyde.exe
2015-06-09 10:01 - 2015-06-07 11:47 - 00464744 _____ () C:\Program Files\shopperz\Huyde64.exe
2015-06-09 10:01 - 2015-06-07 11:47 - 00631144 _____ () C:\Program Files\shopperz\Dhnayvhf64.DLL
2015-06-09 10:01 - 2015-06-07 11:47 - 00276328 _____ () C:\Program Files\shopperz\Keeqcb64.DLL
2015-06-09 10:01 - 2015-06-07 11:47 - 00337256 _____ () C:\Program Files\shopperz\Xeelfeze64.DLL
2012-06-04 12:03 - 2012-02-15 17:05 - 00014848 _____ () C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe
2015-06-09 10:04 - 2015-06-09 10:04 - 00147456 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp
2015-06-11 17:34 - 2015-06-11 17:34 - 00229376 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nst47C2.tmp
2012-04-20 16:30 - 2010-08-19 11:43 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-06-09 10:01 - 2015-06-07 11:47 - 00174440 _____ () C:\Program Files\shopperz\Jvpmajlij.exe
2015-06-09 10:01 - 2015-06-09 10:01 - 00166912 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp
2014-03-19 19:34 - 2014-03-19 19:34 - 00175424 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe
2014-12-22 17:43 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-03-14 15:15 - 2014-03-14 15:15 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-03-14 15:15 - 2014-03-14 15:15 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-14 15:15 - 2014-03-14 15:15 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-08-06 09:19 - 2014-08-10 13:36 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-08-06 09:19 - 2014-08-10 13:36 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-14 15:15 - 2014-03-14 15:15 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-14 15:15 - 2014-03-14 15:15 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-08-06 09:19 - 2014-08-10 13:36 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-09 15:49 - 2014-08-10 13:36 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-14 15:15 - 2014-03-14 15:15 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-06-11 19:24 - 2015-06-11 19:24 - 00310272 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-3064001763653\lwjgl64.dll
2015-06-11 19:24 - 2015-06-11 19:24 - 00653832 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-3064001763653\avutil-ttv-51.dll
2015-06-11 19:24 - 2015-06-11 19:24 - 00361103 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-3064001763653\swresample-ttv-0.dll
2015-06-11 19:24 - 2015-06-11 19:24 - 00688161 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-3064001763653\libmp3lame-ttv.dll
2015-06-11 19:24 - 2015-06-11 19:24 - 01384960 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-3064001763653\twitchsdk.dll
2015-06-11 19:24 - 2015-06-11 19:24 - 00382464 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-3064001763653\OpenAL64.dll
2015-06-09 10:01 - 2015-06-07 11:47 - 00291688 _____ () C:\Program Files\shopperz\Xpnsbedno.DLL
2015-06-09 10:01 - 2015-06-07 11:47 - 00620392 _____ () C:\Program Files\shopperz\Dhnayvhf.DLL
2015-06-09 10:01 - 2015-06-07 11:47 - 00242024 _____ () C:\Program Files\shopperz\Keeqcb.DLL
2015-06-09 10:01 - 2015-06-07 11:47 - 00312168 _____ () C:\Program Files\shopperz\Xeelfeze.DLL
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-25 15:58 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\SPIELE~1.HEI\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-10-17 03:37 - 2014-10-17 03:37 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-01-07 21:20 - 2010-03-04 06:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll
2015-05-23 12:17 - 2015-05-23 12:17 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2355925718-3238339638-3018866954-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Heike Harder\Pictures\8447_606443969380405_1402658725_n.bmp
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2355925718-3238339638-3018866954-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6F159590-F9EE-405C-92E2-5B09FB1D1E6A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{15C67800-BBFC-414C-8B98-E62EFB38C80F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{5F2976A3-5F02-4530-81BC-C10F417059C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{9BB9333A-7A3D-416E-A0E4-F317493C83B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{5EE8AE3D-2A41-4343-A174-EE9BFCEA2E71}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{801DFBD7-522B-4A71-B7A9-7E9A8D88B387}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{819340E0-4709-4B64-82F4-D89223B8A6C6}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{0D722415-C356-4E7A-9941-278232AEC200}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{2417B56B-554C-4657-8B50-852585B2E81D}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe
FirewallRules: [{6D2EFA79-1591-4229-ADED-3A9BF9ED94D3}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe
FirewallRules: [{DA761083-4AE2-4205-8FA1-3D4FC39174E9}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe
FirewallRules: [{6CAA586A-27DE-43D7-8818-75299052AFF2}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe
FirewallRules: [{E1E09099-0C3D-4267-8C27-9AFDC4248662}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{4C2186E3-9B2C-4DFC-9BC5-FAAA86C17D21}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{1B31A976-1337-49BE-8C38-F5FE83BB2441}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{AD0C4460-7E65-48B5-8A3D-096B2DEC0741}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{527ED179-B165-41C6-9F32-FB2A75BEEDDD}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{86CA4E5F-CF1F-4998-B0BD-5838CD69FDA4}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{60A927CB-5486-4AA3-9BF0-6DF4EB2AB853}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{57340D1C-15C1-404D-A584-53AD4B9F19E1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{6B768E72-FEC5-456A-B142-322071645CBF}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{B73B0F07-E28B-4187-8A52-D984FFF7E134}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{6035805E-318D-4499-A13A-95BEFDF23CA1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{ADABE4D9-B04B-4D9D-AB65-F804AB21F7DD}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{33BC236E-319D-4F0E-9A41-AF97BD24809C}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{CBF1DDE2-F642-4B95-BFFD-1E71B39BAE4F}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{63B9C041-4F50-4FAD-B40F-27E4D04D6307}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{E470A057-8BC1-40E5-A350-5DECCC4BFD86}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{2516B809-1052-430A-9339-F87AFE54D08B}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe
FirewallRules: [{6E176826-C3CC-47C0-A9CF-4704BCC2BB48}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe
FirewallRules: [{F6176C02-071E-4D22-AC74-BCB85B133D11}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe
FirewallRules: [{4C3FDC35-B0E4-47CB-BFD5-DBD2BCC9CFCA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe
FirewallRules: [TCP Query User{4A5854F6-3ED6-4662-94C1-97E82CFC80AE}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe
FirewallRules: [UDP Query User{98430E31-A9F5-4B51-91B0-58E0A6749F37}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe
FirewallRules: [TCP Query User{A5395EBD-934F-4171-9AA1-4723F825F4AE}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [UDP Query User{FC5C4DA2-977A-41A8-9D62-A2B5869D71D9}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [{9A8F3F19-5FC4-47B3-8E5D-5EA7812C6017}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00558BB0-4B05-4A54-B748-CE04997E9F86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED4541F1-ABBC-4A96-95FC-289CED792913}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E40CCC2-0209-49F7-ABE4-A4A3808140AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{798D9C81-1195-4969-A713-DD70955D72F4}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe
FirewallRules: [{05AD985E-D1BB-41CE-9963-5C0791F229E7}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe
FirewallRules: [{A879AB2C-C5C2-4D59-9FF7-5967648EA1E4}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe
FirewallRules: [{A5DF45FA-D09F-4E16-9F2C-73D415C0D1FA}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe
FirewallRules: [{72D07DA2-B07F-48C9-90EC-7A6456035F7C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AC5A31E6-8323-4D80-A083-983AE9CDB577}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe
FirewallRules: [UDP Query User{A87DCF95-4398-4F00-9A18-D76C84D411DA}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe
FirewallRules: [{06006B24-8237-47FA-A188-F99C685AA0AF}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{00FE4F15-CA1F-48E9-931E-79E65DB176D0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [TCP Query User{9D3694EF-F427-4978-8858-6C5B6A3D1B83}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe
FirewallRules: [UDP Query User{68F11D0C-61B3-46EA-AD1D-82B67A2391C9}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe
FirewallRules: [{2005AB84-160A-4B7E-83DD-885B69882EE0}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{73AAF6D2-6053-4400-89EF-F5F6D75EF666}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{04AE6B38-E291-4322-8402-E39BB7FC5F9E}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{7EA09265-89F4-45F1-92D8-919D84732F54}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{52CD8642-1A2E-419E-821B-E4FC88BA4F77}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{54430A44-DF12-4CE4-9FFA-930A8E3E626F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{3569EDD6-A1FB-4041-87F7-13792876F91F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{85AF71EA-EFFB-473C-A395-9D87426EFC4B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{A808E69C-DA8F-4374-86E7-7FBCCD60ACC0}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe FirewallRules: [{E8686FB3-78C2-42DA-9E89-3F94004B54A1}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe FirewallRules: [{17D5A69F-F132-4062-BC8B-BB7D994BB297}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe FirewallRules: [{1D7119B5-CC02-4584-8B5B-6D64E9837DC6}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe FirewallRules: [{F344C086-4EC5-4D0D-9FC6-3E5734BC8160}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{B4770A83-1936-4D43-BAFF-FF1F1A3E913C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{F95DA01A-2A07-4A75-B54B-ACB4C96FB9D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{60571C3F-3945-44E5-9D58-BD8CCF89A086}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{25270CAA-6DA7-44CA-8F26-E05F233E0380}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{066518B3-8AB9-4A2D-A7A6-8627454CB7B5}] => (Allow) LPort=2869 FirewallRules: [{36FD6F47-1A42-48C6-B3AB-8FF6E4FE7F8C}] => (Allow) LPort=1900 FirewallRules: [{473E7DD4-8DDC-446E-ACE1-14C3E428CE05}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{FCE8FB8E-EB31-40A3-B87B-5011C03156EE}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{DFD22FBD-D151-4B60-813F-20BF14C58419}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) 
C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{4801D630-0C4B-400B-82BB-FAF0BC8D2060}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{8ABDF673-063C-4BB4-9D46-010988E3B6F2}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{02615D70-3568-442E-BF65-A2E920150BB8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{B6C2DD51-1F6A-453D-B67F-6775C2BAC6B3}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{C6F53048-A8A0-4C36-B97F-DEC635656600}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: [{99EFFFB2-EE08-4E70-8336-97503517EBDB}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: [{96F2E4DA-42AC-44E5-B29F-C85147507A75}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [TCP Query User{C8A97289-2B12-4581-AFBF-720A9483B8F2}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe FirewallRules: [UDP Query User{0CEFB062-4B08-45CE-92F5-C869F16B5862}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe FirewallRules: [TCP Query User{28BDC226-A1AB-49CA-954F-88DC7ABAFE31}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [UDP Query User{628C23BB-80C6-4A9B-B350-BE25BCE4CF97}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [TCP Query 
User{47EBC918-0B7E-470A-B943-60C7E80BE457}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe FirewallRules: [UDP Query User{6EA8BE3E-5C58-47FD-911F-EE6140C85677}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe FirewallRules: [TCP Query User{7F92D705-43AD-43F4-91FA-34FF4ADB8745}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{9D2F2A39-3823-4C30-8A7F-DEAF70E1EE09}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [TCP Query User{00B0C59A-BD3C-4C80-AE13-8F392C985195}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{1817EB15-3D9B-49DC-9F7C-1997FB3B1A8A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{4DB13907-CDF2-41AD-A816-A0BFBE34D886}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{88C692CA-B695-490F-AE2F-D90445EFCEF3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{3436E184-A084-4462-A05B-DAD4434654D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{9DC12100-48C6-42A9-8D02-788648976707}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{41B942A5-51CC-4358-B0B1-136AF036DAC6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{55D9CA2D-F919-46D2-B44E-3DCC76BCFA90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [TCP Query User{D3107EBB-9BFF-4A22-978D-B005BEC5F034}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [UDP Query 
User{204E4B92-FBE4-42A5-9FE6-0EDE38C450F2}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [TCP Query User{6895E600-F1D4-4AD0-9D2B-FF0CCD85943E}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe FirewallRules: [UDP Query User{149CBE0E-3727-4D5F-A243-E6235A04A67F}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe FirewallRules: [TCP Query User{B534578A-198E-41DA-AA20-A11D8F94470C}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{F2FF6743-8A62-4455-84EC-C632C3D836BA}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{A8E5E449-3344-4F4C-B038-CA92025C037C}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{74F86F68-4E08-47B2-9FC6-AB70063DF20E}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{A3963321-530F-4856-97EA-E7DB21C309B7}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{C9EA4C5F-377E-4A6E-95B5-A4717710E886}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{BE9562F2-20A3-4402-B24F-6BD193313BC9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe FirewallRules: [{192E9E1C-6281-430B-83ED-C2DD54C99FE9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe FirewallRules: [{8C7766C3-05EE-4070-B396-43A435C2816F}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe FirewallRules: [{B7B68659-6728-4AF9-8110-56868CDB24B5}] => 
(Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe FirewallRules: [{355D6EEF-77C8-4AD1-80BE-8DA96DE9F6A9}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe FirewallRules: [{B9FD3AE0-8795-4519-BD55-167EE409B04E}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8168 Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ========================= Application errors: ================== Error: (06/11/2015 06:42:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A.crt>. Fehler: 12002 (0x2ee2). 
Error: (06/11/2015 06:35:41 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exe: openVCService - OpenService() failed <1060> Error: (06/11/2015 11:28:07 AM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exe: openVCService - OpenService() failed <1060> Error: (06/11/2015 10:00:51 AM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exe: openVCService - OpenService() failed <1060> Error: (06/11/2015 03:26:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa Ausnahmecode: 0xc000000d Fehleroffset: 0x000000000006ec12 ID des fehlerhaften Prozesses: 0x8bc Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3 Error: (06/09/2015 08:29:34 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exe: openVCService - OpenService() failed <1060> Error: (06/09/2015 08:26:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa Ausnahmecode: 0xc000000d Fehleroffset: 0x000000000006ec12 ID des fehlerhaften Prozesses: 0x8c0 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3 Error: (06/09/2015 08:11:25 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exe: openVCService 
- OpenService() failed <1060> Error: (06/09/2015 07:43:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error: (06/09/2015 07:43:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . System errors: ============= Error: (06/11/2015 07:14:31 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/11/2015 06:37:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/11/2015 06:37:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (06/11/2015 06:35:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: amdkmafd Error: (06/11/2015 06:34:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Term Tutor Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/11/2015 06:30:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Device Cut" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/11/2015 05:48:04 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/11/2015 04:51:05 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/11/2015 03:20:44 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/11/2015 11:35:52 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Microsoft Office: ========================= Error: (06/11/2015 06:42:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A.crt12002 (0x2ee2) Error: (06/11/2015 06:35:41 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> Error: (06/11/2015 11:28:07 AM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> Error: (06/11/2015 10:00:51 AM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> Error: (06/11/2015 03:26:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec128bc01d0a2e232e21575C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlld64e65a6-0fd8-11e5-b084-aa380dcd1862 Error: (06/09/2015 08:29:34 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> Error: (06/09/2015 08:26:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec128c001d0a2df34a54592C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll0d3e19b8-0ed5-11e5-963d-9f2cad33ad7d Error: (06/09/2015 08:11:25 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> Error: (06/09/2015 07:43:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. Error: (06/09/2015 07:43:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. CodeIntegrity Errors: =================================== Date: 2014-05-02 13:07:32.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-05-02 13:07:32.634 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz Percentage of memory in use: 52% Total physical RAM: 8055.08 MB Available physical RAM: 3852.27 MB Total Pagefile: 16108.36 MB Available Pagefile: 10244.22 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1383.24 GB) (Free:827.91 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:13.92 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1397.3 GB) (Disk ID: B3DBC71D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1383.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS) ==================== End of log ============================
Please ^^ |
12.06.2015, 17:00 | #4 |
/// the machine /// TB Trainer | Annoying pop-ups, videos, and Anyprotect and Mystartserac constantly installing themselves Please download Revo Uninstaller (or alternatively the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.06.2015, 17:44 | #5 |
| Annoying pop-ups, videos, and Anyprotect and Mystartserac constantly installing themselves Code:
ATTFilter ComboFix 15-06-09.01 - Spieler 12.06.2015 18:26:27.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8055.5418 [GMT 2:00] ausgeführt von:: c:\users\Spieler.HeikeHarder-HP\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\JMHL Loader c:\programdata\674D61C93E.sys c:\users\Heike Harder\AppData\Local\nsjD2F4.tmp c:\users\Heike Harder\AppData\Local\nsmA09A.tmp c:\users\Heike Harder\AppData\Roaming\AnyProtectEx c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\installer\ab.test.json c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\installer\tempfile.t c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\language\de.xml c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\language\en.xml c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\language\fr.xml c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results c:\users\Heike Harder\AppData\Roaming\AnyProtectEx\swf\mov01.swf c:\users\Heike Harder\AppData\Roaming\Origin c:\users\Heike Harder\AppData\Roaming\Origin\Cloud Saves\blacklist c:\users\Heike Harder\AppData\Roaming\Origin\local.xml c:\users\Heike Harder\Documents\DPE.DUS c:\users\Heike Harder\videos\IS_AP_STA_7x_D-1.3.2.0_VA-3.1.5.0_RU-2.1.9.0_VA-2.2.4.0_AU-2.0.9.0_VA-2.0.9.0_111108_1.0.6.0_Free.exe c:\users\Heike Harder\videos\SoftonicDownloader_fuer_hypercam.exe c:\users\Heike Harder\videos\TerraTec_G5_Grabster_AV_450_MX_Drv_Setup_6.270.13.00_XP_Vista_7.exe c:\users\Heike Harder\videos\ZD1211_drv200127.exe c:\users\Spieler.HeikeHarder-HP\AppData\Local\nscD0EB.tmp c:\users\Spieler.HeikeHarder-HP\AppData\Local\nsjE85C.tmp c:\users\Spieler.HeikeHarder-HP\AppData\Local\nsnC6FC.tmp c:\windows\IsUn0407.exe c:\windows\msdownld.tmp . . 
((((((((((((((((((((((( Dateien erstellt von 2015-05-12 bis 2015-06-12 )))))))))))))))))))))))))))))) . . 2015-06-12 16:34 . 2015-06-12 16:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-06-12 16:21 . 2015-06-12 16:21 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8CDB2EF-F398-4F23-862E-309A911A7510}\offreg.3604.dll 2015-06-12 09:38 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8CDB2EF-F398-4F23-862E-309A911A7510}\mpengine.dll 2015-06-10 18:57 . 2015-06-11 17:21 -------- d-----w- c:\programdata\MailUpdate 2015-06-10 18:57 . 2015-06-10 18:57 -------- d-----w- c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\MailUpdate 2015-06-10 09:28 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys 2015-06-10 09:23 . 2015-05-25 18:19 424960 ----a-w- c:\windows\system32\KernelBase.dll 2015-06-09 19:01 . 2015-06-09 19:01 0 ----a-w- c:\windows\prleth.sys 2015-06-09 19:01 . 2015-06-09 19:01 0 ----a-w- c:\windows\hgfs.sys 2015-06-09 10:19 . 2015-06-09 10:19 -------- d-----w- c:\users\Heike Harder\AppData\Local\Steam 2015-06-09 08:41 . 2015-06-09 08:41 -------- d-----w- c:\windows\SysWow64\Flash 2015-06-09 08:04 . 2015-06-12 16:16 -------- d-----w- c:\users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095 2015-06-09 08:01 . 2015-06-12 15:26 -------- d-----w- c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095 2015-06-09 08:01 . 2015-05-31 08:37 61336 ----a-w- c:\windows\system32\drivers\cherimoya.sys 2015-06-09 08:01 . 2015-06-09 08:01 -------- d-----w- c:\program files\shopperz 2015-06-05 12:23 . 2015-05-22 18:18 1021440 ----a-w- c:\windows\system32\appraiser.dll 2015-06-05 12:23 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll 2015-06-05 12:23 . 2015-05-22 18:18 757248 ----a-w- c:\windows\system32\invagent.dll 2015-06-05 12:23 . 
2015-05-22 18:18 423424 ----a-w- c:\windows\system32\devinv.dll 2015-06-05 12:23 . 2015-05-22 18:18 45568 ----a-w- c:\windows\system32\acmigration.dll 2015-06-05 12:23 . 2015-05-22 18:18 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-06-05 12:23 . 2015-05-22 18:13 1119232 ----a-w- c:\windows\system32\aeinv.dll 2015-06-05 12:23 . 2015-05-21 13:19 193536 ----a-w- c:\windows\system32\aepic.dll 2015-05-14 01:37 . 2015-05-14 01:37 0 ----a-w- c:\windows\SysWow64\shoB6AC.tmp 2015-05-14 01:04 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 01:04 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-06-11 01:02 . 2011-01-31 17:17 140135120 ----a-w- c:\windows\system32\MRT.exe 2015-05-25 18:01 . 2015-06-10 09:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-05-23 10:17 . 2012-04-12 11:23 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-05-23 10:17 . 2011-05-23 08:55 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-04-20 03:17 . 2015-05-13 08:44 1179136 ----a-w- c:\windows\system32\FntCache.dll 2015-04-20 03:17 . 2015-05-13 08:44 1647104 ----a-w- c:\windows\system32\DWrite.dll 2015-04-20 02:56 . 2015-05-13 08:44 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll 2015-04-18 03:10 . 2015-05-13 08:45 460800 ----a-w- c:\windows\system32\certcli.dll 2015-04-18 02:56 . 2015-05-13 08:45 342016 ----a-w- c:\windows\SysWow64\certcli.dll 2015-04-13 03:28 . 2015-05-13 08:44 328704 ----a-w- c:\windows\system32\services.exe 2015-04-08 03:29 . 2015-05-13 08:44 275456 ----a-w- c:\windows\system32\InkEd.dll 2015-04-08 03:29 . 2015-05-13 08:44 24576 ----a-w- c:\windows\system32\jnwmon.dll 2015-04-08 03:14 . 2015-05-13 08:44 216064 ----a-w- c:\windows\SysWow64\InkEd.dll 2015-03-30 13:25 . 
2014-06-24 17:57 33856 ---ha-w- c:\windows\system32\hamachi.sys 2015-03-25 03:24 . 2015-04-16 19:32 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-03-25 03:24 . 2015-04-16 19:32 37376 ----a-w- c:\windows\system32\wups2.dll 2015-03-25 03:24 . 2015-04-16 19:32 35328 ----a-w- c:\windows\system32\wups.dll 2015-03-25 03:24 . 2015-04-16 19:32 3298816 ----a-w- c:\windows\system32\wucltux.dll 2015-03-25 03:24 . 2015-04-16 19:32 2553856 ----a-w- c:\windows\system32\wuaueng.dll 2015-03-25 03:24 . 2015-04-16 19:32 191488 ----a-w- c:\windows\system32\wuwebv.dll 2015-03-25 03:24 . 2015-04-16 19:32 696320 ----a-w- c:\windows\system32\wuapi.dll 2015-03-25 03:24 . 2015-04-16 19:32 60416 ----a-w- c:\windows\system32\WinSetupUI.dll 2015-03-25 03:23 . 2015-04-16 19:32 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2015-03-25 03:23 . 2015-04-16 19:32 36864 ----a-w- c:\windows\system32\wuapp.exe 2015-03-25 03:23 . 2015-04-16 19:32 135168 ----a-w- c:\windows\system32\wuauclt.exe 2015-03-25 03:00 . 2015-04-16 19:32 92672 ----a-w- c:\windows\SysWow64\wudriver.dll 2015-03-25 03:00 . 2015-04-16 19:32 566784 ----a-w- c:\windows\SysWow64\wuapi.dll 2015-03-25 03:00 . 2015-04-16 19:32 29696 ----a-w- c:\windows\SysWow64\wups.dll 2015-03-25 03:00 . 2015-04-16 19:32 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll 2015-03-25 03:00 . 2015-04-16 19:32 33792 ----a-w- c:\windows\SysWow64\wuapp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d0174004-bb12-464b-b666-9ba9bdbd750a}] 2015-06-07 09:47 176488 ----a-w- c:\program files\shopperz\Gaalmi.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2015-01-13 16:44 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-02-05 20:46 220632 ----a-w- c:\users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-02-05 20:46 220632 ----a-w- c:\users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-02-05 20:46 220632 ----a-w- c:\users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "Akamai NetSession Interface"="c:\users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432] "vm6"="c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe" [2014-03-19 175424] "Amazon Music"="c:\users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952] "DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2015-03-17 8833400] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] "Adobe Version Cue CS2"="c:\users\Heike Harder\Documents\Downloads\Creative Suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-03-30 3978600] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2013-3-18 0] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2009-4-29 1787224] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DATAMNGR"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE . R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x] R1 toqvakfe;toqvakfe;c:\windows\system32\drivers\toqvakfe.sys;c:\windows\SYSNATIVE\drivers\toqvakfe.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DokanMounter;DokanMounter;c:\program files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe;c:\program files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [x] R2 kysykiti;Template Flatbed Scanner;c:\users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp;c:\users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 ttsvc;Term Tutor Client Service;c:\program files (x86)\TermTutor\Service\ttsvc.exe;c:\program files (x86)\TermTutor\Service\ttsvc.exe [x] R2 zedepory;Subscription Clear;c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp;c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp [x] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x] R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] R3 BrSerIb;Brother Serial 
Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x] R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 cpuz134;cpuz134;c:\users\SPIELE~1.HEI\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\SPIELE~1.HEI\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 GrabsterSeries.X64;GRABSTER SERIES, Service X64;c:\windows\system32\DRIVERS\GrabsterSeries.X64.SYS;c:\windows\SYSNATIVE\DRIVERS\GrabsterSeries.X64.SYS [x] R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys;c:\windows\SYSNATIVE\drivers\hid7906.sys [x] R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys;c:\windows\SYSNATIVE\drivers\hid8101.sys [x] R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys;c:\windows\SYSNATIVE\drivers\hid8103.sys [x] R3 iComp;TerraTec G5 service;c:\windows\system32\DRIVERS\p2usbhum.sys;c:\windows\SYSNATIVE\DRIVERS\p2usbhum.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für 
Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] R3 Soda PDF 2012 Helper Service;Soda PDF 2012 Helper Service;c:\program files (x86)\Soda PDF 2012\HelperService.exe;c:\program files (x86)\Soda PDF 2012\HelperService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 ZDPSp50a64;ZDPSp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\ZDPSp50a64.sys;c:\windows\SYSNATIVE\Drivers\ZDPSp50a64.sys [x] R4 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x] R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S0 MxEFUF;Matrox Extio 
Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 cherimoya;cherimoya;c:\windows\system32\drivers\cherimoya.sys;c:\windows\SYSNATIVE\drivers\cherimoya.sys [x] S1 ttnfd;ttnfd;c:\windows\system32\drivers\ttnfd.sys;c:\windows\SYSNATIVE\drivers\ttnfd.sys [x] S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x] S2 csrcc;csrcc;c:\program files\shopperz\csrcc.exe;c:\program files\shopperz\csrcc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 d54b8bbd-6b74-4d90-b801-8120aa8b2438;d54b8bbd-6b74-4d90-b801-8120aa8b2438;c:\program files\shopperz\Jmahzov.exe;c:\program files\shopperz\Jmahzov.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn 
Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 shopperz Updater;shopperz Updater;c:\program files\shopperz\Jvpmajlij.exe;c:\program files\shopperz\Jvpmajlij.exe [x] S2 Soda PDF 2012 Service;Soda PDF 2012 Service;c:\program files (x86)\Soda PDF 2012\ConversionService.exe;c:\program files (x86)\Soda PDF 2012\ConversionService.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 netr28x;Ralink 802.11n 
Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2015-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:17] . 2015-06-12 c:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job - c:\program files (x86)\Innovative Solutions\DriverMax\innostp.exe [2015-02-19 06:31] . 2015-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27 23:49] . 2015-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27 23:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d0174004-bb12-464b-b666-9ba9bdbd750a}] 2015-06-07 09:47 215400 ----a-w- c:\program files\shopperz\Gaalmi64.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2014-11-20 13:53 357376 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-02-05 20:46 244696 ----a-w- c:\users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-02-05 20:46 244696 ----a-w- c:\users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-02-05 20:46 244696 ----a-w- c:\users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_DOWNLOAD] @="{C3DBFBE2-A521-4619-9F32-502318CB4EC2}" [HKEY_CLASSES_ROOT\CLSID\{C3DBFBE2-A521-4619-9F32-502318CB4EC2}] 2012-04-25 06:29 110128 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_ERROR] @="{851C758E-C636-4045-B323-059931A3A331}" [HKEY_CLASSES_ROOT\CLSID\{851C758E-C636-4045-B323-059931A3A331}] 2012-04-25 06:29 110128 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_INSYNC] @="{580030D3-492E-45EA-A1C9-A0AC525BEB26}" [HKEY_CLASSES_ROOT\CLSID\{580030D3-492E-45EA-A1C9-A0AC525BEB26}] 2012-04-25 06:29 110128 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_REFRESH] @="{FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2}" [HKEY_CLASSES_ROOT\CLSID\{FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2}] 2012-04-25 06:29 110128 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_UPLOAD] @="{EBED3602-8915-43F9-81F7-CAA6FC4F70D6}" [HKEY_CLASSES_ROOT\CLSID\{EBED3602-8915-43F9-81F7-CAA6FC4F70D6}] 2012-04-25 06:29 110128 ----a-w- c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616] "shopperz"="c:\program files\shopperz\Huyde.exe" [2015-06-07 434024] "shopperz64"="c:\program files\shopperz\Huyde64.exe" [2015-06-07 464744] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1434042341&z=a2045063ac6b84ba15460eagbz9cbz5e1z2oecezaw&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1434042341&z=a2045063ac6b84ba15460eagbz9cbz5e1z2oecezaw&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&q={searchTerms} mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1434042341&z=a2045063ac6b84ba15460eagbz9cbz5e1z2oecezaw&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 mStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1434042341&z=a2045063ac6b84ba15460eagbz9cbz5e1z2oecezaw&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1434042341&z=a2045063ac6b84ba15460eagbz9cbz5e1z2oecezaw&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612&q={searchTerms} uInternet Settings,ProxyOverride = <local> mSearchAssistant = IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to DVD Converter - c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Mit PDF Viewer Plus öffnen - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll Trusted Zone: aeriagames.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - (no file) Toolbar-10 - (no file) Toolbar-!!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Toolbar-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file) Wow6432Node-HKCU-Run-Klebezettel NG - (no file) Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file) Wow6432Node-HKLM-Run-Aeria Ignite - c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe Wow6432Node-HKLM-Run-ConvertAd - c:\users\Spieler.HeikeHarder-HP\AppData\Local\ConvertAd\ConvertAd.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) AddRemove-DVDVideoSoftTB Toolbar - c:\program files (x86)\DVDVideoSoftTB\uninstall.exe AddRemove-dvdvideosofttoolbar - c:\program files (x86)\dvdvideosofttoolbar\uninstall.exe AddRemove-Free 3GP Video Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-Free Audio CD to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-Free YouTube Download 3_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-Free YouTube to DVD Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-GameWiz32 - c:\windows\system32\GKSUI18.EXE AddRemove-Harvard Publisher 6.0 - c:\windows\IsUn0407.exe AddRemove-Harvard Publisher 6.0 Inhalts-CD-ROM - c:\windows\IsUn0407.exe AddRemove-Steam App 20900 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 213670 - c:\program files (x86)\Steam\steam.exe AddRemove-Vindictus - c:\programdata\NexonUS\NGM\NGM.exe AddRemove-Winload Toolbar - c:\program files (x86)\Winload\uninstall.exe AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kysykiti] "ImagePath"="c:\users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\zedepory] "ImagePath"="c:\users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:b3,87,5c,3e,34,26,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . 
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-06-12 18:36:56 ComboFix-quarantined-files.txt 2015-06-12 16:36 . Vor Suchlauf: 26 Verzeichnis(se), 888.405.172.224 Bytes frei Nach Suchlauf: 33 Verzeichnis(se), 888.040.611.840 Bytes frei . - - End Of File - - FB6712E8FC1C02F245C3DFE9CBF96742 |
13.06.2015, 13:47 | #6 |
/// the machine /// TB instructor | Annoying popups, videos, and Anyprotect and Mystartserac constantly installing themselves Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
13.06.2015, 17:12 | #7 |
| Annoying popups, videos, and Anyprotect and Mystartserac constantly installing themselves Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 13/06/2015 um 17:52:48 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-06-09.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Spieler - HEIKEHARDER-HP # Gestarted von : C:\Users\Spieler.HeikeHarder-HP\Downloads\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : cherimoya [#] Dienst Gelöscht : csrcc [#] Dienst Gelöscht : shopperz Updater [#] Dienst Gelöscht : TTNFD [#] Dienst Gelöscht : ttsvc [#] Dienst Gelöscht : d54b8bbd-6b74-4d90-b801-8120aa8b2438 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\MailUpdate Ordner Gelöscht : C:\ProgramData\Innovative Solutions Ordner Gelöscht : C:\ProgramData\70e7a22bf8ff262c Ordner Gelöscht : C:\Users\Public\Documents\iWin Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\SimpleFiles Ordner Gelöscht : C:\Program Files (x86)\DownloadManager Ordner Gelöscht : C:\Program Files (x86)\Innovative Solutions Ordner Gelöscht : C:\Program Files\TermTutor Ordner Gelöscht : C:\Program Files\shopperz Datei Gelöscht : C:\Windows\Reimage.ini Datei Gelöscht : C:\Windows\System32\drivers\cherimoya.sys Datei Gelöscht : C:\Windows\System32\drivers\ttnfd.sys ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 30.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition\The Witcher.lnk Verknüpfung Desinfiziert : C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 
Verknüpfung Desinfiziert : C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera 30.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{733413F4-5FB9-4EE9-8536-BF7AB1731A19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\simplytech Schlüssel Gelöscht : HKCU\Software\Reimage Schlüssel Gelöscht : HKCU\Software\LookThisUp Schlüssel Gelöscht : HKCU\Software\gameo Schlüssel Gelöscht : HKCU\Software\WajIEnhance Schlüssel Gelöscht : HKCU\Software\WajIntEnhance Schlüssel Gelöscht : HKLM\SOFTWARE\TermTutor Schlüssel Gelöscht : HKLM\SOFTWARE\shopperz Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit Schlüssel Gelöscht : HKLM\SOFTWARE\searchult Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork Schlüssel Gelöscht : HKU\.DEFAULT\Software\AVG Secure Search Schlüssel Gelöscht : HKU\.DEFAULT\Software\Blabbers Schlüssel Gelöscht : HKU\.DEFAULT\Software\Blabbers Schlüssel Gelöscht : HKU\.DEFAULT\Software\Funmoods Schlüssel Gelöscht : HKU\.DEFAULT\Software\IBUpdaterService Schlüssel Gelöscht : HKU\.DEFAULT\Software\incredibar.com Schlüssel Gelöscht : HKU\.DEFAULT\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\shopperz Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LookThisUp Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:60245;hxxps=127.0.0.1:60245 Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1 Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback> Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v -\\ Chromium v -\\ Opera v30.0.1835.59 ************************* AdwCleaner[R0].txt - [12555 Bytes] - [13/06/2015 17:29:29] AdwCleaner[S0].txt - [9562 Bytes] - [13/06/2015 17:52:48] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9621 Bytes] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.4 (06.13.2015:2)
OS: Windows 7 Home Premium x64
Ran by Spieler on 13.06.2015 at 18:04:03,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\Papuir

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{a8c9d542-fd91-4834-a2e8-adb9ae692b8b}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{a8c9d542-fd91-4834-a2e8-adb9ae692b8b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{d0174004-bb12-464b-b666-9ba9bdbd750a}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ebe8b562-cba0-40d8-b920-af7cfe0c9d94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0174004-bb12-464b-b666-9ba9bdbd750a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebe8b562-cba0-40d8-b920-af7cfe0c9d94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{d0174004-bb12-464b-b666-9ba9bdbd750a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{ebe8b562-cba0-40d8-b920-af7cfe0c9d94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SmarterPower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util SmarterPower

~~~ Files

~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\esellerate
Successfully deleted: [Folder] C:\Users\Spieler.HeikeHarder-HP\appdata\local\innovative solutions
Successfully deleted: [Folder] C:\Users\Spieler.HeikeHarder-HP\appdata\locallow\company
Successfully deleted: [Folder] C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\innovative solutions
Successfully deleted: [Folder] C:\Users\Spieler.HeikeHarder-HP\appdata\locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} [Adware.JS]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2015 at 18:05:50,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Spieler (administrator) on HEIKEHARDER-HP on 13-06-2015 18:07:49
Running from C:\Users\Spieler.HeikeHarder-HP\Downloads
Loaded Profiles: Spieler (Available Profiles: Heike Harder & Spieler & UpdatusUser & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
() C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor) HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Huyde64.exe HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Users\Heike Harder\Documents\Downloads\Creative Suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Akamai NetSession Interface] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [vm6] => C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe [175424 2014-03-19] () HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Amazon Music] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [DriverMax] => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-02-01] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-02-11] () Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] () Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] () ShellIconOverlayIdentifiers: [CloudIcon_DOWNLOAD] -> {C3DBFBE2-A521-4619-9F32-502318CB4EC2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_ERROR] -> {851C758E-C636-4045-B323-059931A3A331} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_INSYNC] -> {580030D3-492E-45EA-A1C9-A0AC525BEB26} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_REFRESH] -> {FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_UPLOAD] -> {EBED3602-8915-43F9-81F7-CAA6FC4F70D6} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled ProxyServer: [.DEFAULT] => http=127.0.0.1:60245;https=127.0.0.1:60245 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-30] (Oracle 
Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-30] (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-11] (RealPlayer) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - No Name - !!{D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) 
Toolbar: HKU\.DEFAULT -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File Toolbar: HKU\.DEFAULT -> No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-30] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-05-11] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-05-11] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-11] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-11] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-05-11] (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2355925718-3238339638-3018866954-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Spieler.HeikeHarder-HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS) FF user.js: detected! => C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\user.js [2015-06-09] FF Extension: WEB.DE MailCheck - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\toolbar@web.de.xpi [2014-01-25] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-25] FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-11] FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox FF Extension: No Name - C:\Program Files (x86)\Better-Surf\ff [not found] FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found] FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-08] FF Extension: No Name - C:\Program Files 
(x86)\MediaPlayerV1\MediaPlayerV1alpha718\ff [not found] FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1479\ff [not found] FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3700\ff [not found] FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9390\ff [not found] FF Extension: No Name - C:\Program Files (x86)\SuperLyrics\FF [not found] FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta541\ff [not found] FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha701\ff [not found] FF Extension: No Name - C:\Program Files\Video downloader\Firefox [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\4433da5b-eb52-495d-8865-b2a7468567f6@927544a3-fdfb-4485-a78b-21e1113eee35.com [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\crossriderapp2258@crossrider.com [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@babylon.com [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@funmoods.com [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\lightningnewtab@gmail.com.xpi [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [not found] FF Extension: No Name - 
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{17372c46-39f1-4c28-8f8c-b25d9b57d042} [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [not found] FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [not found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Opera: ======= OPR Extension: (DVDVideoSoft) - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-02] StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.mystartsearch.com/?type=sc&ts=1433839150&z=896e5b047982f8f49d7236eg2z9c6cdb1c8t6g7w3o&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612 ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-01] (Adobe Systems) [File not signed] S4 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] S2 DokanMounter; C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [14848 2012-02-15] () [File not signed] S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-01-27] (Macrovision Europe Ltd.) [File not signed] S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-06] (Hewlett-Packard) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 kysykiti; C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp [147456 2015-06-09] () [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
S2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-09] (Electronic Arts) S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] () S3 Soda PDF 2012 Helper Service; C:\Program Files (x86)\Soda PDF 2012\HelperService.exe [827224 2012-01-27] (LULU Software) S2 Soda PDF 2012 Service; C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe [905560 2012-01-27] (LULU Software) S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 zedepory; C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp [166912 2015-06-09] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [558592 2007-05-16] (Atheros Communications, Inc.) 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-19] (AVG Technologies) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider) S3 GrabsterSeries.X64; C:\Windows\System32\DRIVERS\GrabsterSeries.X64.SYS [377152 2010-01-22] () S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed] S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed] S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed] S3 iComp; C:\Windows\System32\DRIVERS\p2usbhum.sys [1794112 2009-12-09] (Conexant Systems Inc.) R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2015-02-05] (Synaptics Incorporated) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-08-04] () [File not signed] S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany) S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [493440 2005-10-28] (ZyDAS Technology Corporation) S3 ZDPSp50a64; C:\Windows\SysWOW64\Drivers\ZDPSp50a64.sys [31744 2005-03-18] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] U3 avro4yj0; C:\Windows\System32\Drivers\avro4yj0.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 connctfy; system32\DRIVERS\connctfy.sys [X] S3 connctfyMP; system32\DRIVERS\connctfy.sys [X] S3 cpuz134; \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S1 toqvakfe; \??\C:\Windows\system32\drivers\toqvakfe.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-13 18:07 - 2015-06-13 18:08 - 00026180 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST.txt 2015-06-13 18:05 - 2015-06-13 18:05 - 00002856 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\JRT.txt 2015-06-13 18:04 - 2015-06-13 18:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HEIKEHARDER-HP-Windows-7-Home-Premium-(64-bit).dat 2015-06-13 18:04 - 2015-06-13 18:04 - 00000000 ____D C:\RegBackup 2015-06-13 17:29 - 2015-06-13 17:56 - 00000000 ____D C:\AdwCleaner 2015-06-13 17:28 - 2015-06-13 17:28 - 02943739 _____ (Thisisu) C:\Users\Spieler.HeikeHarder-HP\Downloads\JRT.exe 2015-06-13 17:28 - 2015-06-13 17:28 - 02231296 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\AdwCleaner_4.206.exe 2015-06-12 18:45 - 2015-06-12 18:45 - 00001198 _____ C:\Users\Public\Desktop\Avira.lnk 2015-06-12 18:45 - 2015-06-12 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-12 18:44 - 2015-06-12 18:44 - 04683232 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Spieler.HeikeHarder-HP\Downloads\avira_de_av_557b041b509c2__ws.exe 2015-06-12 18:36 - 2015-06-12 18:36 - 00035225 _____ C:\ComboFix.txt 2015-06-12 18:22 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-06-12 18:22 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-06-12 18:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-06-12 18:07 - 2015-06-12 18:36 - 00000000 ____D C:\Qoobox 2015-06-12 18:06 - 2015-06-12 18:35 - 00000000 ____D C:\Windows\erdnt 2015-06-12 18:04 - 2015-06-12 18:04 - 05628161 ____R (Swearware) C:\Users\Spieler.HeikeHarder-HP\Downloads\ComboFix.exe 2015-06-11 20:03 - 2015-06-11 20:04 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST-app 2015-06-11 18:34 - 2015-06-13 17:55 - 00008496 _____ C:\Windows\PFRO.log 2015-06-11 18:34 - 2015-06-13 17:55 - 00000448 _____ C:\Windows\setupact.log 2015-06-11 18:34 - 2015-06-11 18:34 - 00000000 _____ C:\Windows\setuperr.log 2015-06-11 17:48 - 2015-06-11 17:51 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\Santiano 2015-06-11 13:04 - 2015-06-13 18:07 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST-OlderVersion 2015-06-11 10:00 - 2015-06-11 10:00 - 00153880 _____ C:\Users\Heike Harder\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-10 20:57 - 2015-06-10 20:57 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\MailUpdate 2015-06-10 11:29 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-10 11:29 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iedkcs32.dll 2015-06-10 11:29 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 11:29 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-10 11:29 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-10 11:29 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 11:29 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-06-10 11:29 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-10 11:29 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 11:29 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-10 11:29 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 11:29 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-10 11:29 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-06-10 11:29 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-10 11:29 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 11:29 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-06-10 11:29 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 11:29 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-06-10 11:29 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 11:29 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2015-06-10 11:29 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 11:29 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 11:29 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 11:29 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 11:29 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 11:29 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 11:29 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 11:29 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 11:29 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 11:29 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 11:29 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 11:29 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 11:29 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 11:29 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 11:29 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) 
C:\Windows\system32\MshtmlDac.dll 2015-06-10 11:29 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 11:29 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 11:29 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 11:29 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 11:29 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 11:29 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 11:29 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 11:29 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 11:29 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 11:29 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 11:29 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 11:29 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 11:29 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 11:29 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 11:29 - 2015-05-22 20:05 - 01359360 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 11:29 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 11:29 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 11:29 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 11:29 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 11:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 11:24 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-10 11:24 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-06-10 11:24 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-10 11:24 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-10 11:24 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 11:24 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-06-10 11:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-06-10 11:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-10 11:23 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 
2015-06-10 11:23 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-06-10 11:23 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-06-10 11:23 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-06-10 11:23 - 2015-05-25 
20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-10 11:23 - 2015-05-25 20:14 - 00146432 _____ (Microsoft 
Corporation) C:\Windows\system32\msaudite.dll 2015-06-10 11:23 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 
2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 
2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-10 11:23 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-10 11:23 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-10 11:23 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-10 11:23 - 2015-05-25 20:00 
- 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-10 11:23 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-10 11:23 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-10 11:23 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-10 11:23 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 11:23 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 11:23 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ 
C:\Windows\prleth.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ C:\Windows\hgfs.sys 2015-06-09 20:07 - 2015-06-11 03:33 - 00506848 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-09 17:00 - 2015-06-09 19:45 - 00000000 ____D C:\Users\Heike Harder\Documents\The Witcher 3 2015-06-09 15:14 - 2015-06-09 15:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Spieler.HeikeHarder-HP\Downloads\revosetup95 (1).exe 2015-06-09 12:19 - 2015-06-09 12:19 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Steam 2015-06-09 10:41 - 2015-06-09 10:41 - 00000000 ____D C:\Windows\SysWOW64\Flash 2015-06-09 10:04 - 2015-06-13 18:00 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2015-06-12 17:26 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-06-09 09:59 - 2015-06-09 09:59 - 03824002 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\reimage_repair_keygen.zip 2015-06-09 09:07 - 2015-06-09 09:08 - 00771872 _____ (Reimage®) C:\Users\Spieler.HeikeHarder-HP\Downloads\ReimageRepair.exe 2015-06-08 23:22 - 2015-06-08 23:06 - 45315620 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\Produce_0.wmv 2015-06-08 16:24 - 2015-06-08 16:35 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\stream musik 2015-06-05 14:23 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 14:23 - 
2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 14:23 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 14:23 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-04 22:08 - 2015-06-13 11:50 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server new 2015-06-04 22:08 - 2015-06-04 22:09 - 10174813 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\minecraft_server.1.8.6.exe 2015-06-03 23:21 - 2015-06-03 23:21 - 28683704 _____ (DVDVideoSoft Ltd. ) C:\Users\Spieler.HeikeHarder-HP\Downloads\FreeVideoToJPGConverter (2).exe 2015-05-28 21:19 - 2015-05-28 21:19 - 03716517 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves3ds-software-128.zip 2015-05-28 21:19 - 2015-05-28 13:45 - 03747890 _____ (Datel Design & Development ) C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves_setup_v1.28.exe 2015-05-27 11:22 - 2015-05-27 11:22 - 00684008 _____ (Opera Software) C:\Users\Spieler.HeikeHarder-HP\Downloads\Opera_NI_stable.exe 2015-05-24 20:50 - 2015-06-03 12:24 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\all 2015-05-15 23:29 - 2015-05-15 23:29 - 00001538 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2015-05-15 23:28 - 2015-05-15 23:28 - 36088824 _____ (DVDVideoSoft Ltd. 
) C:\Users\Spieler.HeikeHarder-HP\Downloads\FreeYouTubeToMP3Converter.exe
2015-05-15 20:12 - 2015-05-16 12:58 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\pbs
2015-05-14 03:37 - 2015-05-14 03:37 - 00000000 _____ C:\Windows\SysWOW64\shoB6AC.tmp
2015-05-14 03:04 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:04 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 18:07 - 2015-04-01 23:18 - 02109952 _____ (Farbar) C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST64.exe
2015-06-13 18:07 - 2015-04-01 23:18 - 00000000 ____D C:\FRST
2015-06-13 18:05 - 2011-01-27 20:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-13 18:04 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-13 18:04 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-13 18:00 - 2012-06-04 16:38 - 01764048 _____ C:\Windows\WindowsUpdate.log
2015-06-13 17:56 - 2014-06-24 16:10 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\LogMeIn Hamachi
2015-06-13 17:56 - 2011-03-16 16:37 - 00000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-13 17:55 - 2015-02-19 17:01 - 00000308 _____ C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2015-06-13 17:55 - 2011-03-09 17:38 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\PDF Software
2015-06-13 17:55 - 2011-01-27 20:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-13 17:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-13 17:53 - 2015-05-12
21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition 2015-06-13 17:53 - 2013-12-16 09:15 - 00001000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 30.lnk 2015-06-13 17:53 - 2011-04-06 19:06 - 00001031 _____ C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-13 14:13 - 2014-06-25 12:44 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Powersaves3DS 2015-06-13 11:49 - 2015-02-05 11:50 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server 2015-06-13 00:03 - 2013-09-03 22:45 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\TS3Client 2015-06-12 19:38 - 2013-01-07 23:41 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft 2015-06-12 18:45 - 2014-08-06 12:01 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-12 18:45 - 2014-06-24 19:23 - 00000000 ____D C:\ProgramData\Avira 2015-06-12 18:45 - 2014-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-12 18:36 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-12 18:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-06-12 18:11 - 2015-02-19 17:01 - 00002586 _____ C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c 2015-06-11 18:35 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-11 17:51 - 2011-07-10 23:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\vlc 2015-06-11 14:52 - 2013-01-20 00:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Skype 2015-06-11 14:51 - 2015-02-17 13:50 - 00002409 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\desmume.ini 2015-06-11 14:50 - 2014-08-28 20:02 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\lp 2015-06-11 12:57 - 2012-08-16 23:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2015-06-11 10:00 - 2014-09-30 21:27 - 00000000 ____D C:\Users\Heike 
Harder\AppData\Local\LogMeIn Hamachi 2015-06-11 04:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-11 03:41 - 2011-01-07 21:54 - 00799382 _____ C:\Windows\system32\perfh007.dat 2015-06-11 03:41 - 2011-01-07 21:54 - 00188890 _____ C:\Windows\system32\perfc007.dat 2015-06-11 03:41 - 2009-07-14 07:13 - 01903918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-11 03:38 - 2014-06-03 11:02 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1387178156 2015-06-11 03:38 - 2011-01-27 12:58 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 03:07 - 2013-08-16 09:04 - 00000000 ____D C:\Windows\system32\MRT 2015-06-11 03:02 - 2011-01-31 19:17 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-09 21:05 - 2012-09-11 10:43 - 00000000 ____D C:\ProgramData\NexonUS 2015-06-09 20:23 - 2012-06-12 19:26 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 20:23 - 2012-03-07 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 19:45 - 2011-01-07 21:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-06-09 16:39 - 2014-12-14 18:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\OBS 2015-06-09 14:59 - 2011-01-29 14:11 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\SoftGrid Client 2015-06-09 12:14 - 2011-03-04 12:43 - 00000000 ____D C:\ProgramData\Origin 2015-06-09 12:09 - 2011-07-07 09:25 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\Program Files (x86)\Origin 2015-06-09 11:28 - 2014-09-30 21:27 - 00002555 _____ C:\Users\Heike Harder\Desktop\Google Chrome.lnk 2015-06-09 11:28 - 
2011-04-07 08:16 - 00001729 _____ C:\Users\Heike Harder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-09 11:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-09 10:57 - 2011-02-11 12:08 - 00000000 ____D C:\Users\Heike Harder\AppData\Roaming\PDF Software 2015-06-08 19:08 - 2015-02-17 13:51 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\Battery 2015-06-08 19:08 - 2014-08-21 22:58 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\uni 2015-06-08 18:49 - 2013-10-04 14:37 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\alles 2015-06-08 15:37 - 2015-05-11 21:44 - 00000512 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\Digimon - Battle Spirit (D, F, E).sav 2015-06-08 15:37 - 2015-03-23 11:31 - 00002441 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\vba.ini 2015-06-08 13:41 - 2014-12-14 18:06 - 00000000 ____D C:\Program Files (x86)\OBS 2015-06-08 11:15 - 2014-12-14 18:06 - 00000000 ____D C:\Program Files\OBS 2015-06-06 03:16 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-06 03:16 - 2014-05-01 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-04 14:57 - 2011-03-02 15:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\KlebezettelNG 2015-06-03 23:22 - 2015-04-03 11:17 - 00001514 _____ C:\Users\Public\Desktop\Free Video to JPG Converter.lnk 2015-06-03 23:22 - 2015-04-03 11:17 - 00001247 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-06-03 23:21 - 2012-12-30 13:01 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\DVDVideoSoft 2015-06-03 15:36 - 2012-04-06 20:04 - 00000000 ____D C:\ProgramData\Skype 2015-06-03 09:53 - 2012-04-12 13:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-29 
11:18 - 2011-01-29 12:51 - 00153880 _____ C:\Users\Spieler.HeikeHarder-HP\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS 2015-05-27 11:18 - 2012-06-08 18:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Google 2015-05-25 16:25 - 2015-02-20 21:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\Cheats 2015-05-23 14:27 - 2011-01-27 20:36 - 00000000 ____D C:\Program Files (x86)\Google 2015-05-23 12:17 - 2012-04-12 13:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-23 12:17 - 2012-04-12 13:23 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-23 12:17 - 2011-05-23 10:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-23 12:16 - 2014-10-17 07:57 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Adobe 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-21 01:01 - 2014-05-02 14:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Winamp 2015-05-16 12:00 - 2011-01-27 20:36 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-16 12:00 - 2011-01-27 20:36 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 23:29 - 2014-12-08 23:51 - 00000000 ____D C:\Program Files (x86)\Free Codec Pack 2015-05-14 20:57 - 2011-02-16 14:05 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\The Witcher 2015-05-14 03:41 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-14 03:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-14 03:19 - 2011-01-27 18:45 - 01930536 
_____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-14 03:19 - 2011-01-27 18:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-05-14 03:04 - 2013-03-13 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-14 03:03 - 2013-03-13 16:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-14 03:03 - 2013-03-13 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight ==================== Files in the root of some directories ======= 2014-08-18 16:36 - 2014-08-18 16:56 - 0004608 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-15 15:52 - 2015-03-15 15:52 - 0001507 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\recently-used.xbel 2014-04-21 13:47 - 2014-04-21 13:47 - 0007600 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Resmon.ResmonCfg 2011-12-22 20:26 - 2012-01-03 22:39 - 0001682 ___SH () C:\ProgramData\KGyGaAvL.sys Some files in TEMP: ==================== C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\Quarantine.exe C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 00:44

==================== End of log ====================== |
13.06.2015, 17:13 | #8 |
| Annoying popups, videos, and Anyprotect and Mystartserac constantly installing themselves Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Spieler at 2015-06-13 18:08:47
Running from C:\Users\Spieler.HeikeHarder-HP\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2355925718-3238339638-3018866954-500 - Administrator - Disabled)
Gast (S-1-5-21-2355925718-3238339638-3018866954-501 - Limited - Disabled) => C:\Users\Gast
Heike Harder (S-1-5-21-2355925718-3238339638-3018866954-1001 - Administrator - Enabled) => C:\Users\Heike Harder
HomeGroupUser$ (S-1-5-21-2355925718-3238339638-3018866954-1013 - Limited - Enabled)
Spieler (S-1-5-21-2355925718-3238339638-3018866954-1007 - Administrator - Enabled) => C:\Users\Spieler.HeikeHarder-HP
UpdatusUser (S-1-5-21-2355925718-3238339638-3018866954-1012 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3RVX (HKLM-x32\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY) Action Replay DSi Code Manager (HKLM-x32\...\Action Replay DSi Code Manager_is1) (Version: - ) Action Replay PowerSaves 3DS Version 1.28 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.28 - Datel Design & Development) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) 
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.12.2400) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.12.2400 - Aeria Games & Entertainment) Hidden Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Akamai NetSession Interface (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon Music (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG) Ashampoo Office 2008 (C:\Program Files (x86)\Ashampoo\Ashampoo Office 2008) (HKLM-x32\...\sm-un1.u32) (Version: - SoftMaker Software GmbH) Ashampoo Photo Commander 7.60 (HKLM-x32\...\Ashampoo Photo Commander 7_is1) (Version: 7.6.0 - ashampoo GmbH & Co. KG) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.10 - Audible, Inc.) Autostart ok-s 2.0 (HKLM-x32\...\{83832C13-FE26-4058-9BEB-89C422F569B3}) (Version: 1.0 - Olaf Koch) Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. 
KG) Hidden Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden BenVista PhotoZoom Classic 2.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Classic 2) (Version: 2.0 - BenVista Ltd) BenVista PhotoZoom Express 3.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Express 3) (Version: 3.0 - BenVista Ltd) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.20.0 - Brother Industries, Ltd.) Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden CCEnhancer 3.2 (HKLM-x32\...\CCEnhancer) (Version: 3.2 - ) CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) COMPUTERBILD App-Center (HKLM-x32\...\{21295604-BBCA-4A3E-B1D1-1B8A746C4A52}) (Version: 1.0.23 - J3S) COMPUTERBILD-Cloud (HKLM\...\COMPUTERBILD-Cloud_is1) (Version: - CyberGhost S.R.L.) 
Curse Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.01 - Piriform) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.1.46 - INTENIUM GmbH) Die Jade-Münze (HKLM-x32\...\Die Jade-Münze) (Version: 1.0.0.0 - INTENIUM GmbH) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DomainInspect (HKLM-x32\...\DomainInspect) (Version: - AntsSoft) Drakensang 2 Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang 2 Savegame Editor) (Version: - Philipp Jardas) Drakensang Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang Savegame Editor) (Version: - Philipp Jardas) DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.53.0.1091 - Innovative Solutions) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden DVD Video Soft Toolbar (HKLM-x32\...\dvdvideosofttoolbar) (Version: 1.0.0.12 - ) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB) EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts) EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: 
- ) Free 3GP Video Converter version 5.0.13.608 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.13.608 - DVDVideoSoft Ltd.) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.21.1212 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.) Free Studio version 6.5.0.219 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.219 - DVDVideoSoft Ltd.) Free Video to JPG Converter version 5.0.59.525 (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.) Free YouTube Download 3 version 3.0.6.715 (HKLM-x32\...\Free YouTube Download 3_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to DVD Converter version 3.0.3.923 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.) GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert) Geheimnis von Montezuma (HKLM-x32\...\Geheimnis von Montezuma) (Version: 0.0.0.0 - INTENIUM GmbH) Geheimnis von Montezuma 2 (HKLM-x32\...\Geheimnis von Montezuma 2) (Version: 1.0.0.0 - INTENIUM GmbH) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glitzerndes Troja (HKLM-x32\...\Glitzerndes Troja_is1) (Version: - Contendo Media GmbH) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Harvard Publisher 6.0 (HKLM-x32\...\Harvard Publisher 6.0) (Version: - ) Harvard Publisher 6.0 Inhalts-CD-ROM (HKLM-x32\...\Harvard Publisher 6.0 Inhalts-CD-ROM) (Version: - ) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Hühner-Attacke (HKLM-x32\...\Hühner-Attacke) (Version: 0.0.0.0 - INTENIUM GmbH) Hühner-Rache Deluxe Special (HKLM-x32\...\Hühner-Rache Deluxe Special) (Version: - ) HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - 
Hyperionics Technology LLC) Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Internet Turbo Engine (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\{28583d9b-8f7d-474c-b990-7328c7428bae}) (Version: 10.197.20.13927 - ReSoft Ltd.) iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire II (HKLM-x32\...\Jewel Quest Solitaire II) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire III (HKLM-x32\...\Jewel Quest Solitaire III) (Version: 1.0.0.0 - INTENIUM GmbH) John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Klebezettel NG (Version 2.9.14) (HKLM-x32\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version: - ) Land der Magie (HKLM-x32\...\Land der Magie) (Version: 1.0.0.0 - INTENIUM GmbH) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.) 
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc) M6 Processing 1.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\M6 Processing) (Version: 1.0 - Pysy Software S.L.) Magelo Sync (uninstall only) (HKLM\...\Magelo Sync) (Version: - ) MAGIX Filme auf DVD Download-Version (x32 Version: 9.0.1.2 - MAGIX AG) Hidden MAGIX Video deluxe 17 Download-Version (x32 Version: 10.0.1.14 - MAGIX AG) Hidden Mah Jong Quest (HKLM-x32\...\Mah Jong Quest) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest II (HKLM-x32\...\Mah Jong Quest II) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest III (HKLM-x32\...\Mah Jong Quest III) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Egypt (HKLM-x32\...\Mahjongg – Ancient Egypt) (Version: 1.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Mayas (HKLM-x32\...\Mahjongg – Ancient Mayas) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\Mahjongg Dimensions Deluxe: Tiles in Time) (Version: 1.0.0.0 - INTENIUM GmbH) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{91110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 
8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Moorhuhn Schatzjäger 3 (HKLM-x32\...\Moorhuhn Schatzjäger 3) (Version: 1.00 - phenomedia publishing gmbh) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Mozilla Thunderbird (3.1.7) (HKLM-x32\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 
(de) - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Mystery Solitaire: Secret Island (HKLM-x32\...\Mystery Solitaire: Secret Island) (Version: 0.0.0.0 - INTENIUM GmbH) NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.) paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) PCSUITE ADVISOR (HKLM-x32\...\PCSUITE_ADVISOR_PRO_is1) (Version: - Markement GmbH) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) Penguins! 
(x32 Version: 2.2.0.95 - WildTangent) Hidden PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) Pinball Escape (HKLM\...\UDK-4601a1a3-d3ca-4b8b-99ca-a569081d9943) (Version: - Epic Games, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden Restricted Area (HKLM-x32\...\Restricted Area_is1) (Version: Restricted Area - Master Creating) Retter in der Not (HKLM-x32\...\Retter in der Not) (Version: 1.0.0.0 - INTENIUM GmbH) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RIFT (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT) (Version: - Trion Worlds, Inc.) RIFT Beta (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT-Beta) (Version: - Trion Worlds, Inc.) 
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: 1.0.0.0 - INTENIUM GmbH)
Scansoft PDF Professional (x32 Version: - ) Hidden
Serif PhotoPlus X2 (HKLM-x32\...\{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}) (Version: 12.0.3.013 - Serif (Europe) Ltd)
Shaiya-DE (HKLM-x32\...\Shaiya-DE) (Version: - )
shopperz 2.0.0.461 (HKLM\...\{d0174004-bb12-464b-b666-9ba9bdbd750a}_is1) (Version: 2.0.0.461 - shopperz)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Soda PDF 2012 (HKLM-x32\...\{A5EB5C60-5303-46C2-ABC8-860D94A8A973}) (Version: 2.0.33.2835 - LULU Software)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)
TileSetMaker (HKLM-x32\...\TileSetMaker) (Version: - )
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software)
TQVault 2.11 (HKLM-x32\...\TQVault_is1) (Version: - bman654)
Treiber-Studio 2013 (HKLM\...\{7660521A-062D-41F5-AA5E-CBA0E0511131}) (Version: 8.0.519 - Publish Data)
Unity Web Player (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
USB Audio/Video Driver (HKLM-x32\...\InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}) (Version: 1.00.0000 - )
USB Audio/Video Driver (x32 Version: 1.00.0000 - ) Hidden
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: 2007.07.3 - )
Video Thumbnails Maker by Scorp (remove only) (HKLM-x32\...\Video Thumbnails Maker) (Version: - )
ViGlance (HKLM-x32\...\ViGlance) (Version: 1001194 - Lee-Soft.com)
Vindictus (HKLM-x32\...\Vindictus) (Version: - )
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Vista Start Menu 3.36 (HKLM-x32\...\Vista Start Menu_is1) (Version: 3.36 - OrdinarySoft)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VP3 Codec Version 3.2.6.1 (HKLM-x32\...\VP3 Codec Version 3.2.6.1) (Version: - )
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.8.9.0 - Winload)
XLink Kai Evolution 7 (HKLM-x32\...\{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}) (Version: 7.1.7.7 - Team XLink)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{b24abb2f-a278-4d8e-953c-24d702c5cd73}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================
11-06-2015 03:00:39 Windows Update
11-06-2015 12:55:08 Revo Uninstaller's restore point - Pando Media Booster
11-06-2015 19:06:40 Revo Uninstaller's restore point - mystartsearch uninstall
11-06-2015 19:10:41 Revo Uninstaller's restore point - AnyProtect
12-06-2015 15:23:52 Revo Uninstaller's restore point - Zombie News
12-06-2015 18:03:16 Revo Uninstaller's restore point - Word Processor Text Wrap
12-06-2015 18:08:49 Revo Uninstaller's restore point - Avira Antivirus
12-06-2015 18:20:04 Revo Uninstaller's restore point - Avira

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01A8FBEE-F847-42AC-BA4F-00A1898D52EA} - System32\Tasks\{A1B14BEA-175E-4E8C-BEE2-5DDA0F36CE9D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {07B88545-8678-48F3-A6C7-1FBFFD50D661} - System32\Tasks\{1003CA87-689D-4BA1-9991-D848D14F3F1C} => pcalua.exe -a E:\AUTOSTARTER.EXE -d E:\
Task: {07C3EB77-BAD1-4CE8-A8AC-7F7B2FC0B156} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {099D38D9-347D-4927-A8D6-717739F0B2D9} - System32\Tasks\{7F6DEF33-A300-41FA-A541-DBEC7DD61924} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {0BB09DF1-229E-407A-B1B9-3AC39272E7CB} - System32\Tasks\{2FE07B1C-ECD4-4699-B785-2C1187027CF6} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] ()
Task: {10767F79-86BB-4CBE-A00F-FFEEAF2BB163} - System32\Tasks\{66C961E8-5007-4324-903F-35DBDB476678} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {14001BFE-1F98-4D9A-A750-6AE835038689} - System32\Tasks\{E285D0AD-6380-4D20-A7E3-50700C93908A} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {170BCD56-2CA0-49B4-9F7C-5EBAE2C2D462} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: {1759C3E3-2931-441F-8EF6-565E7B4B967C} - System32\Tasks\{AD853451-27EC-49FA-BE81-3E72E4EC04B2} => pcalua.exe -a E:\setup.exe -d E:\
Task: {1BF75E84-A4B3-4CD0-B537-E9B1CEB547A9} - System32\Tasks\{D618E586-8508-4056-B127-BCB49FAA1349} => pcalua.exe -a "C:\Program Files (x86)\Dragon Age\bin_ship\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Dragon Age\bin_ship"
Task: {1CE42E40-BEA3-40D6-B42D-C54E78338C19} - System32\Tasks\{AC8529D0-457C-4858-B446-99E3F2D44A5F} => C:\Program Files\HyperCam 2\HyCam2.exe
Task: {1D253A63-D540-4C66-B6C6-563742BC0F6E} - System32\Tasks\{9CA9B3AA-1AD3-4D26-BB36-A9DA9005BE34} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {1EDA99EA-7455-4F84-A4AD-D1CC2C972E15} - System32\Tasks\{A67E58E4-AE88-49A7-85A6-7453A92EB2A9} => C:\Program Files (x86)\Drakensang Online\thinclient.exe
Task: {228BDEE1-C8C3-4C7F-BEE3-91A0B6F66C2F} - System32\Tasks\{67DA8AEA-6354-42CE-B407-E33C42A282D5} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {23B7FBBE-A7D5-4A34-AD46-060CC765D92E} - System32\Tasks\{7FD504B3-841B-408D-8619-E88E190DA8D6} => C:\Program Files (x86)\Divinity II - Ego Draconis\Divinity_II_Patch_1.03_GERMAN.exe
Task: {245A5C11-D036-4CE3-A206-3D0087FF869D} - System32\Tasks\{85FDF290-C320-404D-84B8-6779231A31E0} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {2521C72D-ACF7-4E0D-9F18-A11B57FE74CC} - System32\Tasks\{68E7106A-FDBD-4F0D-8550-DF8A459AFE69} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {2553768B-2AE4-48DF-A613-C7A4A494EE9C} - System32\Tasks\{9CA5AF8D-3F0F-42C7-BD91-D915420ACFE3} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {29C47B50-5DFF-438F-99CB-706D6E748C95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2BEC5C53-25E2-4659-9513-0C6DC990BD02} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {2D359077-ABF9-455A-A2BD-11A8CA7A3FAE} - System32\Tasks\{C9EE2AD4-524E-414F-A50C-DA6B832B5BF8} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {2F1A4251-378C-4421-97E8-3C7D0897D184} - System32\Tasks\{5C73300B-5FF6-46B9-B37C-1D01610BE815} => pcalua.exe -a E:\3DS_Capture_Card_driver\3ds_driver_setup_(WinXP_Vista_7_8_8.1).exe -d E:\3DS_Capture_Card_driver
Task: {31A6B50D-488E-4A4A-BE59-F4D33832D8A7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {32D184EF-A82C-44B6-9E6E-23488E1E6F81} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {336613B4-A4E0-4242-B841-6A7B83C0D918} - System32\Tasks\{472CECA2-D1CA-452A-A9CD-2E5F66E02CBF} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2015-03-30] (LogMeIn Inc.)
Task: {38BD3EA0-C784-4ADE-AABD-97FF17CFBBE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3DF64CDE-D27B-4C6D-BDBE-B77C15AE6721} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {42D0900A-C5EC-4543-8898-EF24BA29F137} - \Papuir No Task File <==== ATTENTION
Task: {42D95011-430F-42F0-A494-B45A84D8E644} - System32\Tasks\{897D3095-7A62-409F-BEF5-A770BF0CF4DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {49C78CDC-889A-45FC-B75C-6600F9966CAB} - System32\Tasks\{79015419-0F92-45C0-8EE4-4E179F736190} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {50806D0A-2107-49B6-A98D-57965254570C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {55C47305-75B5-48A0-908E-0D9AF695E449} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company)
Task: {56506F83-9B43-4450-B403-9696BE10DBD9} - System32\Tasks\{0D8E4BFB-4760-4899-941A-A04A53FD3A39} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {58C2BEB1-2B7A-4C4C-B1A1-AC302CE23429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {5A2C67D9-88D2-4AEC-B074-A4829C40D7C8} - System32\Tasks\{36C8FF93-8BD8-4E30-A5D6-ED25FFEC2812} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {5D92F5D7-5F78-4E3B-AF91-2B41FEE2270B} - System32\Tasks\{4973F1FB-630E-40E2-9C70-88009C1BB43E} => C:\Program Files (x86)\Monte Cristo\Silverfall - Wächter der Elemente - Demo\SilverfallDemo.exe
Task: {5DF0F1DF-816A-4B0D-8969-D28DE8BE9CD6} - System32\Tasks\{1E96FC8D-8C2B-460C-9F54-28CBC2884878} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {71B4D24B-817F-41DE-BE2E-C87686063F41} - System32\Tasks\{500EE935-E46A-4AA0-AD58-8D8A54253987} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {71C80375-1CDC-4DA3-AEB3-2CCF2A77A05B} - System32\Tasks\{2D02A1A1-B88D-4F22-BE09-2AAC6542545D} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {74FB1AD8-296D-4FA7-B1F0-D01E746BCD72} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7537B895-1433-4A0A-B8F3-77C5129BD106} - System32\Tasks\{CC601210-52A7-4E2E-8BE7-E2E5643F0396} => C:\Program Files\HyperCam 2\HyCam2.exe
Task: {839A0A3D-2712-483E-83AE-1B228A4E11D7} - System32\Tasks\Opera scheduled Autoupdate 1387178156 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {8A6FC5E8-EF62-41F8-A8A5-3E3757027530} - System32\Tasks\{C58DA0D1-31F7-475E-BE33-B1F7592A93B5} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {953B319A-52DE-4460-B15C-45ED8C6E5A27} - System32\Tasks\{7BDD7497-A7C0-4293-AC7A-CA49768B3715} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9A3001AE-0F9D-453E-BAFE-78FE333C8D39} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {9EE58FF6-A4F8-4493-89EB-61F5B8006377} - System32\Tasks\{83F7BE8B-3672-4C01-806C-B8D7BADBA939} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7A8A39-9A36-4B20-989E-CFCE33B1E8F2} - System32\Tasks\{EDA016A9-6648-481B-BB50-DF45ED33DA31} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7CA800-2D8A-4033-A94A-9FC9B217E7A7} - System32\Tasks\{412675ED-C224-4FF8-8571-5445803EC050} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AB2859EC-7065-4D93-AE2D-344A32FF0098} - System32\Tasks\{088F98D3-4398-4748-B038-7915992C069D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AC239D12-5FF9-4F16-8A55-EBEBEDA89C6D} - System32\Tasks\{AB9E4B60-D7D4-4489-A561-614D85309523} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {ADC8DFD5-05B7-48C8-A7CC-B236983A1808} - System32\Tasks\{F779D376-AED6-4FEE-B8E4-143428962663} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {B3279C17-9920-4EFF-98BD-52652976909F} - System32\Tasks\{8DB3F366-A097-4A5D-A000-0C16DFFE209E} => C:\Program Files (x86)\JoWooD\SpellForce Demo\SpellForced.exe
Task: {B63FF6D1-52A1-44F6-8079-FC59CAC150F7} - System32\Tasks\{19AA9B0E-513F-411F-8A36-5A48E0FDB28B} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {BE152DD4-9412-404F-975A-AA8027D5757E} - System32\Tasks\{C14076FC-5996-456C-B87D-9D686938FE02} => C:\Program Files (x86)\Datel\WiFi MAX\WM.EXE
Task: {BF2F502A-C412-4289-B7B9-25BBA3E3FE9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company)
Task: {BFA5AF4D-028E-475B-A3B7-2AE64B277C07} - System32\Tasks\{3D75B136-7B65-4B54-B0DB-4CD1368B54AD} => pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {C248182A-7AED-4A14-AA1D-C49D29BC0100} - System32\Tasks\{A4983898-78F0-4A6A-AA6C-34ECA5EC873B} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT\setup.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT
Task: {C3C4839D-E51F-4CC8-8008-55D1A3457968} - System32\Tasks\{2B5D54DC-6890-4BD3-A388-01346A0139FE} => pcalua.exe -a C:\Users\Spieler\Documents\Downlodes\MahjonggArtifacts2.exe -d C:\Users\Spieler\Documents\Downlodes
Task: {C62C9580-EE55-4935-93AC-F8A8A80A7E06} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {C82A8F19-42FF-4733-BFA1-701EEB2196A2} - System32\Tasks\{2EB9F633-1C7D-471B-9D41-7930F7192F42} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe"
Task: {C9E22DA0-7805-4B28-B265-7F0002E168C2} - System32\Tasks\{FAE212E9-0CA9-4EF9-881B-FB56B5519A36} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] ()
Task: {CB364AAC-8A72-4DD4-B732-AA4FB27DADC6} - System32\Tasks\{FD932190-4DCE-4EFB-8275-CCB6841E084C} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {CD7FF6C1-E9D1-4FA5-9131-A6B5D93F3C3C} - System32\Tasks\{B26BBC9F-AC7C-4953-9FA7-CA011047A7F0} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {D0E886EE-2AB7-4E36-BEDA-B15643EBDA63} - System32\Tasks\{7A4735AA-26B5-4F00-A23A-E669986102AD} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {DC4A8E46-4BBC-43C4-B86A-962F9763E636} - System32\Tasks\{7DD8442C-43A1-46AA-8D56-18DE6AC9AA25} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {DC8D724C-1FC6-4E88-BFA8-431DBC63E82E} - System32\Tasks\{F003A125-9256-4022-8C48-DEA75D2EC1F8} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {DF306A0E-1234-4ED8-87C5-2E79D3A61B6C} - System32\Tasks\{42254E81-80B3-4EBB-A425-E87D1499C5F1} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger\SacredUW_ger_2.21_retail.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger
Task: {E5B5252D-CA06-4DB0-BEE5-3A0D0ED561BD} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-22] (Microsoft Corporation)
Task: {EB112395-5E92-4203-9283-9439B69C0623} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {F0265FC3-20B1-4069-B9C3-B431DE2697DA} - System32\Tasks\{17F06A71-0601-42A9-B5DB-F57D4063A6DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {FCC9FE11-4486-43AD-A901-3B347B5C4622} - System32\Tasks\{C8CA1BFE-1690-4854-B670-51C2140AF22E} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Avatar_The_Game_Demo.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes
Task: {FDB3A3A8-567C-4150-A17A-4444C631180E} - System32\Tasks\{13F537D5-0AB6-4A55-9307-8A4EF1088C32} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2015-06-09 10:04 - 2015-06-09 10:04 - 00147456 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp
2015-06-09 10:01 - 2015-06-09 10:01 - 00166912 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp
2013-04-05 20:06 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll
2015-05-23 12:17 - 2015-05-23 12:17 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6F159590-F9EE-405C-92E2-5B09FB1D1E6A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{15C67800-BBFC-414C-8B98-E62EFB38C80F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{5F2976A3-5F02-4530-81BC-C10F417059C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{9BB9333A-7A3D-416E-A0E4-F317493C83B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{5EE8AE3D-2A41-4343-A174-EE9BFCEA2E71}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{801DFBD7-522B-4A71-B7A9-7E9A8D88B387}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{819340E0-4709-4B64-82F4-D89223B8A6C6}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{0D722415-C356-4E7A-9941-278232AEC200}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{2417B56B-554C-4657-8B50-852585B2E81D}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe
FirewallRules: [{6D2EFA79-1591-4229-ADED-3A9BF9ED94D3}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe
FirewallRules: [{DA761083-4AE2-4205-8FA1-3D4FC39174E9}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe
FirewallRules: [{6CAA586A-27DE-43D7-8818-75299052AFF2}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe
FirewallRules: [{E1E09099-0C3D-4267-8C27-9AFDC4248662}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{4C2186E3-9B2C-4DFC-9BC5-FAAA86C17D21}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{1B31A976-1337-49BE-8C38-F5FE83BB2441}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{AD0C4460-7E65-48B5-8A3D-096B2DEC0741}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{527ED179-B165-41C6-9F32-FB2A75BEEDDD}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{86CA4E5F-CF1F-4998-B0BD-5838CD69FDA4}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{60A927CB-5486-4AA3-9BF0-6DF4EB2AB853}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{57340D1C-15C1-404D-A584-53AD4B9F19E1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{6B768E72-FEC5-456A-B142-322071645CBF}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{B73B0F07-E28B-4187-8A52-D984FFF7E134}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{6035805E-318D-4499-A13A-95BEFDF23CA1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{ADABE4D9-B04B-4D9D-AB65-F804AB21F7DD}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{33BC236E-319D-4F0E-9A41-AF97BD24809C}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{CBF1DDE2-F642-4B95-BFFD-1E71B39BAE4F}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{63B9C041-4F50-4FAD-B40F-27E4D04D6307}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{E470A057-8BC1-40E5-A350-5DECCC4BFD86}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{2516B809-1052-430A-9339-F87AFE54D08B}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe
FirewallRules: [{6E176826-C3CC-47C0-A9CF-4704BCC2BB48}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe
FirewallRules: [{F6176C02-071E-4D22-AC74-BCB85B133D11}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe
FirewallRules: [{4C3FDC35-B0E4-47CB-BFD5-DBD2BCC9CFCA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe
FirewallRules: [TCP Query User{4A5854F6-3ED6-4662-94C1-97E82CFC80AE}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe
FirewallRules: [UDP Query User{98430E31-A9F5-4B51-91B0-58E0A6749F37}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe
FirewallRules: [TCP Query User{A5395EBD-934F-4171-9AA1-4723F825F4AE}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [UDP Query User{FC5C4DA2-977A-41A8-9D62-A2B5869D71D9}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [{9A8F3F19-5FC4-47B3-8E5D-5EA7812C6017}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00558BB0-4B05-4A54-B748-CE04997E9F86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED4541F1-ABBC-4A96-95FC-289CED792913}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E40CCC2-0209-49F7-ABE4-A4A3808140AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{798D9C81-1195-4969-A713-DD70955D72F4}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe
FirewallRules: [{05AD985E-D1BB-41CE-9963-5C0791F229E7}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe
FirewallRules: [{A879AB2C-C5C2-4D59-9FF7-5967648EA1E4}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe
FirewallRules: [{A5DF45FA-D09F-4E16-9F2C-73D415C0D1FA}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe
FirewallRules: [{72D07DA2-B07F-48C9-90EC-7A6456035F7C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AC5A31E6-8323-4D80-A083-983AE9CDB577}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe
FirewallRules: [UDP Query User{A87DCF95-4398-4F00-9A18-D76C84D411DA}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe
FirewallRules: [{06006B24-8237-47FA-A188-F99C685AA0AF}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{00FE4F15-CA1F-48E9-931E-79E65DB176D0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [TCP Query User{9D3694EF-F427-4978-8858-6C5B6A3D1B83}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe
FirewallRules: [UDP Query User{68F11D0C-61B3-46EA-AD1D-82B67A2391C9}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe
FirewallRules: [{2005AB84-160A-4B7E-83DD-885B69882EE0}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{73AAF6D2-6053-4400-89EF-F5F6D75EF666}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{04AE6B38-E291-4322-8402-E39BB7FC5F9E}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{7EA09265-89F4-45F1-92D8-919D84732F54}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{52CD8642-1A2E-419E-821B-E4FC88BA4F77}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{54430A44-DF12-4CE4-9FFA-930A8E3E626F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{3569EDD6-A1FB-4041-87F7-13792876F91F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{85AF71EA-EFFB-473C-A395-9D87426EFC4B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A808E69C-DA8F-4374-86E7-7FBCCD60ACC0}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{E8686FB3-78C2-42DA-9E89-3F94004B54A1}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{17D5A69F-F132-4062-BC8B-BB7D994BB297}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{1D7119B5-CC02-4584-8B5B-6D64E9837DC6}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{F344C086-4EC5-4D0D-9FC6-3E5734BC8160}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B4770A83-1936-4D43-BAFF-FF1F1A3E913C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F95DA01A-2A07-4A75-B54B-ACB4C96FB9D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{60571C3F-3945-44E5-9D58-BD8CCF89A086}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{25270CAA-6DA7-44CA-8F26-E05F233E0380}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{066518B3-8AB9-4A2D-A7A6-8627454CB7B5}] => (Allow) LPort=2869
FirewallRules: [{36FD6F47-1A42-48C6-B3AB-8FF6E4FE7F8C}] => (Allow) LPort=1900
FirewallRules: [{473E7DD4-8DDC-446E-ACE1-14C3E428CE05}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{FCE8FB8E-EB31-40A3-B87B-5011C03156EE}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{DFD22FBD-D151-4B60-813F-20BF14C58419}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4801D630-0C4B-400B-82BB-FAF0BC8D2060}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8ABDF673-063C-4BB4-9D46-010988E3B6F2}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{02615D70-3568-442E-BF65-A2E920150BB8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B6C2DD51-1F6A-453D-B67F-6775C2BAC6B3}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{C6F53048-A8A0-4C36-B97F-DEC635656600}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app
FirewallRules: [{99EFFFB2-EE08-4E70-8336-97503517EBDB}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app
FirewallRules: [{96F2E4DA-42AC-44E5-B29F-C85147507A75}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{C8A97289-2B12-4581-AFBF-720A9483B8F2}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [UDP Query User{0CEFB062-4B08-45CE-92F5-C869F16B5862}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [TCP Query User{28BDC226-A1AB-49CA-954F-88DC7ABAFE31}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{628C23BB-80C6-4A9B-B350-BE25BCE4CF97}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [TCP Query User{47EBC918-0B7E-470A-B943-60C7E80BE457}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{6EA8BE3E-5C58-47FD-911F-EE6140C85677}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{7F92D705-43AD-43F4-91FA-34FF4ADB8745}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{9D2F2A39-3823-4C30-8A7F-DEAF70E1EE09}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{00B0C59A-BD3C-4C80-AE13-8F392C985195}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1817EB15-3D9B-49DC-9F7C-1997FB3B1A8A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{4DB13907-CDF2-41AD-A816-A0BFBE34D886}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{88C692CA-B695-490F-AE2F-D90445EFCEF3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3436E184-A084-4462-A05B-DAD4434654D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9DC12100-48C6-42A9-8D02-788648976707}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{41B942A5-51CC-4358-B0B1-136AF036DAC6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{55D9CA2D-F919-46D2-B44E-3DCC76BCFA90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D3107EBB-9BFF-4A22-978D-B005BEC5F034}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe
FirewallRules: [UDP Query User{204E4B92-FBE4-42A5-9FE6-0EDE38C450F2}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe
FirewallRules: [TCP Query User{6895E600-F1D4-4AD0-9D2B-FF0CCD85943E}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [UDP Query User{149CBE0E-3727-4D5F-A243-E6235A04A67F}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [TCP Query User{B534578A-198E-41DA-AA20-A11D8F94470C}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F2FF6743-8A62-4455-84EC-C632C3D836BA}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A8E5E449-3344-4F4C-B038-CA92025C037C}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{74F86F68-4E08-47B2-9FC6-AB70063DF20E}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{A3963321-530F-4856-97EA-E7DB21C309B7}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{C9EA4C5F-377E-4A6E-95B5-A4717710E886}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{BE9562F2-20A3-4402-B24F-6BD193313BC9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{192E9E1C-6281-430B-83ED-C2DD54C99FE9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{8C7766C3-05EE-4070-B396-43A435C2816F}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{B7B68659-6728-4AF9-8110-56868CDB24B5}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{355D6EEF-77C8-4AD1-80BE-8DA96DE9F6A9}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{B9FD3AE0-8795-4519-BD55-167EE409B04E}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe

==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
Error: (06/13/2015 05:56:00 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exe: openVCService - OpenService() failed <1060> Error: (06/13/2015 00:05:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8080 Error: (06/13/2015 00:05:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8080 Error: (06/13/2015 00:05:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/13/2015 00:05:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7082 Error: (06/13/2015 00:05:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7082 Error: (06/13/2015 00:05:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/13/2015 00:05:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6084 System errors: ============= Error: (06/13/2015 06:08:52 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/13/2015 06:04:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/13/2015 06:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office: ========================= Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE} Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping... Error: (06/13/2015 05:56:00 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> Error: (06/13/2015 00:05:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8080 Error: (06/13/2015 00:05:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8080 Error: (06/13/2015 00:05:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/13/2015 00:05:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7082 Error: (06/13/2015 00:05:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7082 Error: (06/13/2015 00:05:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/13/2015 00:05:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6084 CodeIntegrity Errors: =================================== Date: 2015-06-12 18:34:06.712 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-06-12 18:34:06.619 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-02 13:07:32.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-02 13:07:32.634 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8055.08 MB
Available physical RAM: 6200.29 MB
Total Pagefile: 16108.36 MB
Available Pagefile: 14135.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1383.24 GB) (Free:827.78 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.92 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: B3DBC71D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1383.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
==================== End of log ============================ |
14.06.2015, 15:33 | #9 |
/// the machine /// TB Trainer | Annoying popups, videos and constant self-installation of Anyprotect and Mystartserac
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.06.2015, 11:57 | #10 |
| Annoying popups, videos and constant self-installation of Anyprotect and Mystartserac
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=729d05bc4529ad4ea48a1456c5ef33f7 # end=init # utc_time=2015-06-15 08:00:34 # local_time=2015-06-15 10:00:34 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24329 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=729d05bc4529ad4ea48a1456c5ef33f7 # end=updated # utc_time=2015-06-15 08:01:41 # local_time=2015-06-15 10:01:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=729d05bc4529ad4ea48a1456c5ef33f7 # engine=24329 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-15 10:45:59 # local_time=2015-06-15 12:45:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 153594 185995009 0 0 # scanned=513072 # found=54 # cleaned=54 # scan_time=9857 sh=A385B2D49B4BF03A257FDC9A5BDF48519D9BDA46 ft=1 fh=5fc8f961d29e1729 vn="Variante von Win32/Toolbar.Perion.R evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\csrcc.exe.vir" sh=D4E09E42429B392BCD6E319CC393E1733EB39F32 ft=1 fh=172ef6e102603b07 vn="Variante von Win32/Toolbar.Perion.M evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Dhnayvhf.dll.vir" sh=3E46CC5D3AB43294195071468A0B2ED1EA6977F3 ft=1 fh=ccc74067d5b88276 vn="Variante von Win32/Toolbar.Perion.N evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Huyde.exe.vir" sh=E0ACAC5B1897AF5F14CCD243197F14FC88283F31 ft=1 fh=920b6b958487ce7b vn="Win32/Toolbar.Perion.L evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Jmahzov.exe.vir" sh=817304AE0BF2A6E55B9E2071A5ECC2D5D1F4B000 ft=1 fh=79c62c5f8ec148fd vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Keeqcb64.dll.vir" sh=2114A39374677E747AEE6A71F785767D9993E2DC ft=1 fh=8a43acb8dfeabe83 vn="Variante von Win32/Toolbar.Perion.Q evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Rbcbc.dll.vir" sh=68472D71C04588B90837A714134599C90AB1582A ft=1 fh=d599a148b89d6c30 vn="Variante von Win32/Toolbar.BitCocktail.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Xeelfeze.dll.vir" sh=059B42946D76E7133F01935D0DE9C01972B46833 ft=1 fh=ccd034a343921961 vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Xeelfeze64.dll.vir" sh=C4A34D6E0FA31ED130FE470D0DF652972E809CCF ft=1 fh=b47a98c66f99c4f2 vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Xpnsbedno.dll.vir" sh=CC1E9DA457EFFEB799CBC3958B7237C437A045D2 ft=1 fh=2d5366501691c083 vn="Variante von Win32/Toolbar.Perion.K evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Xpnsbedno64.dll.vir" sh=7C02793B077E77389BF6FF0C835B1A15A78EF2B5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir" sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Heike Harder\AppData\Local\nsjD2F4.tmp.vir" sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Heike Harder\AppData\Local\nsmA09A.tmp.vir" sh=4778B3769DC265421CA98D9211683B4A5F1532C8 ft=1 fh=a43338250a33fef3 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Heike Harder\Videos\SoftonicDownloader_fuer_hypercam.exe.vir" sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Spieler.HeikeHarder-HP\AppData\Local\nscD0EB.tmp.vir" sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Spieler.HeikeHarder-HP\AppData\Local\nsjE85C.tmp.vir" sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Spieler.HeikeHarder-HP\AppData\Local\nsnC6FC.tmp.vir" sh=47FBD19BD8614EFA7926BD2C215CD8C8787FAF51 ft=1 fh=601caf80efafcc06 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heike Harder\Desktop\Anwendungen\Natascha\Natascha\Documents\Tasche\FreeYouTubeToMP3Converter.exe" sh=894D413CCB58223FF6C99C01ECF6524F886738F5 ft=1 fh=483ab3832d808c98 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heike Harder\Documents\Downloads\Integrated_BrotherSoft_TB.exe" sh=698A03A88D3C1D0613EFCE82138248A3EA21E3E0 ft=1 fh=8b635154fd9f4e78 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heike Harder\Documents\Downloads\Programme\ashampoo_photo_commander_7_7.60_7659.exe" sh=579CA41AC9C743F424E3B3852504622887F28DB8 ft=1 fh=c8f51c412215ae36 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heike Harder\Documents\Downloads\Programme\Babylon8_setup.exe" sh=2EFA02620ADA3216BD219998D4C9405D75838A61 ft=1 fh=3df0639353844df0 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Heike Harder\Documents\Downloads\Programme\BearShareV8.exe" sh=7C96A6339BBFAFD17EF5A8F8DB286087CDB037C3 ft=1 fh=f18e0338cfc43a42 vn="Variante von Win32/Adware.Trymedia.A evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Heike Harder\Documents\Downloads\Spiele\MahjongEscapeChinaSetup-dm.exe" sh=9FCD47CC6B6EA68D9300EDC0A5BE92EA55E2EDB2 ft=1 fh=78a9d2c916ca52eb vn="Win32/Adware.ConvertAd.SL Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\onsh5221.tmp" sh=30A9A8CCE9DC287793DD7EE6BB3101B96B6AC508 ft=1 fh=790637f2cee9dd73 vn="Variante von Win32/Adware.ConvertAd.RS.gen Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\pnsh5222.exe" sh=D5FC5B3B78EF7C776B52E4A7797AF866D7EF8E1A ft=1 fh=3c58a1596064b560 vn="Variante von Win32/Adware.ConvertAd.TB Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\rnsh5220.exe" sh=2FC0282999B55E12D56BF499F39943CE3A4439AB ft=1 fh=c71c0011186352fa vn="Win32/Adware.ConvertAd.SK Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp" sh=4D54E6FAE6C880FCE904E21EB7E5E703AEBF2996 ft=1 fh=d21daf4bfbe08b4f vn="Variante von Win32/ELEX.CL evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DH5W9W7\cmi_mystartsearch[1].exe" sh=38589E87AC387B691F4F99F0420A49A50AD52995 ft=1 fh=0d68d3f5dc74fddb vn="Win32/Adware.ConvertAd.ST Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DH5W9W7\policyname[1].exe" sh=9B6B7AC716102D56471DC705B764D148FAEADF24 ft=1 fh=2262221af01c6220 vn="Variante von Win32/Adware.ConvertAd.SZ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DH5W9W7\VOsrv[1].exe" sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLX7CAQC\AnyProtectSetup[1].exe" sh=BD4751E4797043C0A1F4D74EBCA1E1BC325A8F0F ft=1 fh=3aa7b8e8f10141cd vn="Variante von Win32/InstallCore.VV evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R60G6JHJ\Setup[1].exe" sh=AC597FF4CDB2DDBF589DF3B167DB49829DF30F81 ft=1 fh=3993e54b2ba8c468 vn="Variante von Win32/Adware.ConvertAd.RU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ1D89UY\SearchUpdater[1].exe" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll" sh=7910B36E711E50FE50641CC14ABAB37DFAB53828 ft=1 fh=6c4c2228c46bf4b5 vn="Win32/Adware.ConvertAd.SJ Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp" sh=9B6B7AC716102D56471DC705B764D148FAEADF24 ft=1 fh=2262221af01c6220 vn="Variante von Win32/Adware.ConvertAd.SZ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nse1EB5.tmp" sh=96B70FE249DC9D539A2452B2FD64D61B3E6D30BD ft=1 fh=9a45bb885725b899 vn="Variante von Win32/Adware.ConvertAd.TC Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nsi1D43.tmp" sh=96B70FE249DC9D539A2452B2FD64D61B3E6D30BD ft=1 fh=9a45bb885725b899 vn="Variante von Win32/Adware.ConvertAd.TC Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nst2858.tmp" sh=9C021D99184CE5B01AA6C8F181C275570AD251D9 ft=1 fh=5bd5fe2fcbf7c06b vn="Variante von Win32/Adware.ConvertAd.SO Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nszC243.tmp" sh=D5FC5B3B78EF7C776B52E4A7797AF866D7EF8E1A ft=1 fh=3c58a1596064b560 vn="Variante von Win32/Adware.ConvertAd.TB Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\rnsmC333.exe" sh=2F77E94677222E6236AB87F52E0BA7F01C1BD8C9 ft=1 fh=41bf9a26f4869404 vn="Variante von 
Win32/Adware.ConvertAd.TC Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\vnsg91CD.tmp" sh=E3B1E2DE8D8401C8162D56A31043D2940F2222A7 ft=1 fh=1ccd9d770453486a vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Desktop\Ann-Cathrin\Documents\ACH\Documents\Ac\Eigene Dateien\ablage\FreeAudioConverter.exe" sh=5E588264B04A1CDC3F60E07E94EF2F510356F2B4 ft=1 fh=e8af7bd24140a2e6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\simboapp.exe" sh=6CAC5AC1BD62E9BD8C20773F6EF77D2D3C22F219 ft=1 fh=ed69c0f9230932f8 vn="Win32/Somoto.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\CheatEngine61.exe" sh=DFD5F7A9EA55A9564B60E3FCFE9E7A0138805707 ft=1 fh=1522edb60d2c3866 vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\isobuster_all_lang.exe" sh=BCBD47A2AFB0A7956BBF88F9F625E00D17319CAB ft=1 fh=220efb76e017b9c0 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\registrybooster.exe" sh=675FD111C7B08393436B694A297AD0C20FE5CB4F ft=1 fh=7cce267f006e47f6 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\SoftonicDownloader_fuer_diablo-iii.exe" sh=85F6B3AB1A04937B9E7195EB16CBC84DABA2AA52 ft=1 fh=df624f38fad82202 vn="Variante von Win32/WinloadSDA.J evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Diabolo\Diablo-3-Demo-Setup.exe" sh=EFFFD2D3E286AE81EB317EC03425DF77196F81E2 ft=1 fh=7a2a47bf6d0242e9 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Dragensang Online\SoftonicDownloader_fuer_vindictus.exe" sh=52688822795B418DD902AD3ECB2AEC4B9F6D9EBD ft=1 fh=d8d8761cfad82202 vn="Variante von Win32/WinloadSDA.J evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Guild-Wars\Guild-Wars-2-Demo-Setup.exe" sh=60479F0E1541F9C7122C2C60D739A6FDD2357488 ft=1 fh=0155faa485b69c08 vn="Variante von Generik.MSLHOFC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Torchlight\_savegame\torchlight_savegame_editor\Torchlight_Save_edit1.0.exe" sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT\FreeYouTubeToMP3Converter37.exe" sh=4C79F38046E4B7E9AB8C05FBCA5231D7819273A0 ft=1 fh=15f95e91c25bf745 vn="Win32/ReImageRepair.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Spieler.HeikeHarder-HP\Downloads\ReimageRepair.exe" sh=672E9D6FB9B1CF47ACA936E17D43776E5E89A487 ft=1 fh=3ca9fa5b35d6fe69 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" Code:
ATTFilter
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.188
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Spieler (administrator) on HEIKEHARDER-HP on 15-06-2015 12:55:36
Running from C:\Users\Spieler.HeikeHarder-HP\Downloads
Loaded Profiles: Spieler (Available Profiles: Heike Harder & Spieler & UpdatusUser & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Huyde64.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Users\Heike Harder\Documents\Downloads\Creative Suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Akamai NetSession Interface] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [vm6] => C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe [175424 2014-03-19] ()
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Amazon Music] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [DriverMax] => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-02-01]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-02-11] ()
Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] ()
Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] ()
ShellIconOverlayIdentifiers: [CloudIcon_DOWNLOAD] -> {C3DBFBE2-A521-4619-9F32-502318CB4EC2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL)
ShellIconOverlayIdentifiers: [CloudIcon_ERROR] -> {851C758E-C636-4045-B323-059931A3A331} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL)
ShellIconOverlayIdentifiers: [CloudIcon_INSYNC] -> {580030D3-492E-45EA-A1C9-A0AC525BEB26} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL)
ShellIconOverlayIdentifiers: [CloudIcon_REFRESH] -> {FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL)
ShellIconOverlayIdentifiers: [CloudIcon_UPLOAD] -> {EBED3602-8915-43F9-81F7-CAA6FC4F70D6} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:60245;https=127.0.0.1:60245
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-30] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-11] (RealPlayer)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - No Name - !!{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKU\.DEFAULT -> No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-05-11] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2355925718-3238339638-3018866954-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Spieler.HeikeHarder-HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\user.js [2015-06-09]
FF Extension: WEB.DE MailCheck - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\toolbar@web.de.xpi [2014-01-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-25]
FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF Extension: No Name - C:\Program Files (x86)\Better-Surf\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-08]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha718\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1479\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3700\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9390\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\SuperLyrics\FF [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta541\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha701\ff [not found]
FF Extension: No Name - C:\Program Files\Video downloader\Firefox [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\4433da5b-eb52-495d-8865-b2a7468567f6@927544a3-fdfb-4485-a78b-21e1113eee35.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\crossriderapp2258@crossrider.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@babylon.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@funmoods.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\lightningnewtab@gmail.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{17372c46-39f1-4c28-8f8c-b25d9b57d042} [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Opera:
=======
OPR Extension: (DVDVideoSoft) - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-02]
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.mystartsearch.com/?type=sc&ts=1433839150&z=896e5b047982f8f49d7236eg2z9c6cdb1c8t6g7w3o&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-01] (Adobe Systems) [File not signed]
S4 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 DokanMounter; C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [14848 2012-02-15] () [File not signed]
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-01-27] (Macrovision Europe Ltd.) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-06] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-09] (Electronic Arts)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
S3 Soda PDF 2012 Helper Service; C:\Program Files (x86)\Soda PDF 2012\HelperService.exe [827224 2012-01-27] (LULU Software)
S2 Soda PDF 2012 Service; C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe [905560 2012-01-27] (LULU Software)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [558592 2007-05-16] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-19] (AVG Technologies) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider) S3 GrabsterSeries.X64; C:\Windows\System32\DRIVERS\GrabsterSeries.X64.SYS [377152 2010-01-22] () S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed] S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed] S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed] S3 iComp; C:\Windows\System32\DRIVERS\p2usbhum.sys [1794112 2009-12-09] (Conexant Systems Inc.) R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2015-02-05] (Synaptics Incorporated) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-08-04] () [File not signed] S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany) S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [493440 2005-10-28] (ZyDAS Technology Corporation) S3 ZDPSp50a64; C:\Windows\SysWOW64\Drivers\ZDPSp50a64.sys [31744 2005-03-18] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] U3 avro4yj0; C:\Windows\System32\Drivers\avro4yj0.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 connctfy; system32\DRIVERS\connctfy.sys [X] S3 connctfyMP; system32\DRIVERS\connctfy.sys [X] S3 cpuz134; \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S1 toqvakfe; \??\C:\Windows\system32\drivers\toqvakfe.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-15 12:55 - 2015-06-15 12:56 - 00025452 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST.txt 2015-06-15 10:00 - 2015-06-15 10:00 - 00000000 ____D C:\Program Files (x86)\ESET 2015-06-15 09:59 - 2015-06-15 09:59 - 02870984 _____ (ESET) C:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe 2015-06-15 09:59 - 2015-06-15 09:59 - 00852639 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\SecurityCheck.exe 2015-06-13 18:05 - 2015-06-13 18:05 - 00002856 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\JRT.txt 2015-06-13 18:04 - 2015-06-13 18:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HEIKEHARDER-HP-Windows-7-Home-Premium-(64-bit).dat 2015-06-13 18:04 - 2015-06-13 18:04 - 00000000 ____D C:\RegBackup 2015-06-13 17:29 - 2015-06-13 18:15 - 00000000 ____D C:\AdwCleaner 2015-06-13 17:28 - 2015-06-13 17:28 - 02943739 _____ (Thisisu) C:\Users\Spieler.HeikeHarder-HP\Downloads\JRT.exe 2015-06-13 17:28 - 2015-06-13 17:28 - 02231296 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\AdwCleaner_4.206.exe 2015-06-12 18:45 - 2015-06-12 18:45 - 00001198 _____ 
C:\Users\Public\Desktop\Avira.lnk 2015-06-12 18:45 - 2015-06-12 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-12 18:44 - 2015-06-12 18:44 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Spieler.HeikeHarder-HP\Downloads\avira_de_av_557b041b509c2__ws.exe 2015-06-12 18:36 - 2015-06-12 18:36 - 00035225 _____ C:\ComboFix.txt 2015-06-12 18:22 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-06-12 18:22 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-06-12 18:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-06-12 18:22 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-06-12 18:07 - 2015-06-12 18:36 - 00000000 ____D C:\Qoobox 2015-06-12 18:06 - 2015-06-12 18:35 - 00000000 ____D C:\Windows\erdnt 2015-06-12 18:04 - 2015-06-12 18:04 - 05628161 ____R (Swearware) C:\Users\Spieler.HeikeHarder-HP\Downloads\ComboFix.exe 2015-06-11 20:03 - 2015-06-15 12:49 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST-app 2015-06-11 18:34 - 2015-06-13 17:55 - 00008496 _____ C:\Windows\PFRO.log 2015-06-11 18:34 - 2015-06-13 17:55 - 00000448 _____ C:\Windows\setupact.log 2015-06-11 18:34 - 2015-06-11 18:34 - 00000000 _____ C:\Windows\setuperr.log 2015-06-11 17:48 - 2015-06-11 17:51 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\Santiano 2015-06-11 13:04 - 2015-06-13 18:07 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST-OlderVersion 2015-06-11 10:00 - 2015-06-11 10:00 - 00153880 _____ C:\Users\Heike Harder\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-10 20:57 - 2015-06-10 20:57 - 00000000 ____D 
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\MailUpdate 2015-06-10 11:29 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-10 11:29 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-10 11:29 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 11:29 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-10 11:29 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-10 11:29 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 11:29 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-06-10 11:29 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-10 11:29 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 11:29 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-10 11:29 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 11:29 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-10 11:29 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-06-10 11:29 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-10 11:29 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 11:29 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-06-10 11:29 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 11:29 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll 2015-06-10 11:29 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 11:29 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 11:29 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 11:29 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 11:29 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 11:29 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 11:29 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 11:29 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 11:29 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 11:29 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 11:29 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 11:29 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 11:29 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 11:29 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 11:29 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) 
C:\Windows\system32\html.iec 2015-06-10 11:29 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 11:29 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 11:29 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 11:29 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 11:29 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 11:29 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 11:29 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 11:29 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 11:29 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 11:29 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 11:29 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 11:29 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 11:29 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 11:29 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 11:29 - 2015-05-22 20:06 - 00801280 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 11:29 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 11:29 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 11:29 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 11:29 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 11:29 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 11:29 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 11:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 11:24 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-10 11:24 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-06-10 11:24 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-10 11:24 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-10 11:24 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 11:24 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-06-10 11:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxmasf.dll 2015-06-10 11:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-10 11:23 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-06-10 11:23 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-06-10 11:23 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-06-10 11:23 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) 
C:\Windows\system32\sspicli.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-10 
11:23 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-10 11:23 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-06-10 11:23 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-10 11:23 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-10 11:23 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-06-10 11:23 - 
2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-10 11:23 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-10 11:23 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 
2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 
2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-10 11:23 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-10 11:23 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-10 11:23 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) 
C:\Windows\system32\comctl32.dll 2015-06-10 11:23 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 11:23 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ C:\Windows\prleth.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ C:\Windows\hgfs.sys 2015-06-09 20:07 - 2015-06-11 03:33 - 00506848 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-09 17:00 - 2015-06-09 19:45 - 00000000 ____D C:\Users\Heike Harder\Documents\The Witcher 3 2015-06-09 15:14 - 2015-06-09 15:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Spieler.HeikeHarder-HP\Downloads\revosetup95 (1).exe 2015-06-09 12:19 - 2015-06-09 12:19 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Steam 2015-06-09 10:41 - 2015-06-09 10:41 - 00000000 ____D C:\Windows\SysWOW64\Flash 2015-06-09 10:04 - 2015-06-15 12:44 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2015-06-15 12:44 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-06-09 09:59 - 2015-06-09 09:59 - 03824002 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\reimage_repair_keygen.zip 2015-06-08 23:22 - 2015-06-08 23:06 - 45315620 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\Produce_0.wmv 2015-06-08 16:24 - 2015-06-08 16:35 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\stream musik 2015-06-05 14:23 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00423424 _____ 
(Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 14:23 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 14:23 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-04 22:08 - 2015-06-13 11:50 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server new 2015-06-04 22:08 - 2015-06-04 22:09 - 10174813 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\minecraft_server.1.8.6.exe 2015-06-03 23:21 - 2015-06-03 23:21 - 28683704 _____ (DVDVideoSoft Ltd. ) C:\Users\Spieler.HeikeHarder-HP\Downloads\FreeVideoToJPGConverter (2).exe 2015-05-28 21:19 - 2015-05-28 21:19 - 03716517 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves3ds-software-128.zip 2015-05-28 21:19 - 2015-05-28 13:45 - 03747890 _____ (Datel Design & Development ) C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves_setup_v1.28.exe 2015-05-27 11:22 - 2015-05-27 11:22 - 00684008 _____ (Opera Software) C:\Users\Spieler.HeikeHarder-HP\Downloads\Opera_NI_stable.exe 2015-05-24 20:50 - 2015-06-03 12:24 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\all ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-15 12:55 - 2015-04-01 23:18 - 00000000 ____D C:\FRST 2015-06-15 12:45 - 2012-10-02 22:41 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT 2015-06-15 12:45 - 2011-01-29 13:53 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes 2015-06-15 12:20 - 2012-06-04 16:38 - 01876608 _____ C:\Windows\WindowsUpdate.log 2015-06-15 12:05 - 2011-01-27 20:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-15 12:05 - 2011-01-27 20:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-15 09:37 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-15 09:37 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-14 22:47 - 2013-01-20 00:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Skype 2015-06-14 16:11 - 2014-06-25 12:44 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Powersaves3DS 2015-06-14 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-14 11:49 - 2013-03-18 22:19 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Apps\2.0 2015-06-14 11:45 - 2013-09-03 22:45 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\TS3Client 2015-06-14 00:41 - 2011-01-07 21:54 - 00799382 _____ C:\Windows\system32\perfh007.dat 2015-06-14 00:41 - 2011-01-07 21:54 - 00188890 _____ C:\Windows\system32\perfc007.dat 2015-06-14 00:41 - 2009-07-14 07:13 - 01903918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-14 00:17 - 2013-01-07 23:41 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft 2015-06-13 18:07 - 2015-04-01 23:18 - 02109952 _____ (Farbar) C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST64.exe 2015-06-13 17:56 - 2014-06-24 16:10 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\LogMeIn Hamachi 2015-06-13 17:56 - 2011-03-16 16:37 
- 00000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-06-13 17:55 - 2015-02-19 17:01 - 00000308 _____ C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job 2015-06-13 17:55 - 2011-03-09 17:38 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\PDF Software 2015-06-13 17:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-13 17:53 - 2015-05-12 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition 2015-06-13 17:53 - 2013-12-16 09:15 - 00001000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 30.lnk 2015-06-13 17:53 - 2011-04-06 19:06 - 00001031 _____ C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-13 11:49 - 2015-02-05 11:50 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server 2015-06-12 18:45 - 2014-08-06 12:01 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-12 18:45 - 2014-06-24 19:23 - 00000000 ____D C:\ProgramData\Avira 2015-06-12 18:45 - 2014-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-12 18:36 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-12 18:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-06-12 18:11 - 2015-02-19 17:01 - 00002586 _____ C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c 2015-06-11 18:35 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-11 17:51 - 2011-07-10 23:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\vlc 2015-06-11 14:51 - 2015-02-17 13:50 - 00002409 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\desmume.ini 2015-06-11 14:50 - 2014-08-28 20:02 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\lp 2015-06-11 12:57 - 2012-08-16 23:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2015-06-11 10:00 - 2014-09-30 21:27 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\LogMeIn Hamachi 
2015-06-11 04:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-11 03:38 - 2014-06-03 11:02 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1387178156 2015-06-11 03:38 - 2011-01-27 12:58 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 03:07 - 2013-08-16 09:04 - 00000000 ____D C:\Windows\system32\MRT 2015-06-11 03:02 - 2011-01-31 19:17 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-09 21:05 - 2012-09-11 10:43 - 00000000 ____D C:\ProgramData\NexonUS 2015-06-09 20:23 - 2012-06-12 19:26 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 20:23 - 2012-03-07 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 19:45 - 2011-01-07 21:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-06-09 16:39 - 2014-12-14 18:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\OBS 2015-06-09 14:59 - 2011-01-29 14:11 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\SoftGrid Client 2015-06-09 12:14 - 2011-03-04 12:43 - 00000000 ____D C:\ProgramData\Origin 2015-06-09 12:09 - 2011-07-07 09:25 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\Program Files (x86)\Origin 2015-06-09 11:28 - 2014-09-30 21:27 - 00002555 _____ C:\Users\Heike Harder\Desktop\Google Chrome.lnk 2015-06-09 11:28 - 2011-04-07 08:16 - 00001729 _____ C:\Users\Heike Harder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-09 10:57 - 2011-02-11 12:08 - 00000000 ____D C:\Users\Heike Harder\AppData\Roaming\PDF Software 2015-06-08 19:08 - 2015-02-17 13:51 - 00000000 ____D 
C:\Users\Spieler.HeikeHarder-HP\Downloads\Battery 2015-06-08 19:08 - 2014-08-21 22:58 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\uni 2015-06-08 18:49 - 2013-10-04 14:37 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\alles 2015-06-08 15:37 - 2015-05-11 21:44 - 00000512 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\Digimon - Battle Spirit (D, F, E).sav 2015-06-08 15:37 - 2015-03-23 11:31 - 00002441 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\vba.ini 2015-06-08 13:41 - 2014-12-14 18:06 - 00000000 ____D C:\Program Files (x86)\OBS 2015-06-08 11:15 - 2014-12-14 18:06 - 00000000 ____D C:\Program Files\OBS 2015-06-06 03:16 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-06 03:16 - 2014-05-01 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-04 14:57 - 2011-03-02 15:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\KlebezettelNG 2015-06-03 23:22 - 2015-04-03 11:17 - 00001514 _____ C:\Users\Public\Desktop\Free Video to JPG Converter.lnk 2015-06-03 23:22 - 2015-04-03 11:17 - 00001247 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-06-03 23:21 - 2012-12-30 13:01 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\DVDVideoSoft 2015-06-03 15:36 - 2012-04-06 20:04 - 00000000 ____D C:\ProgramData\Skype 2015-06-03 09:53 - 2012-04-12 13:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-29 11:18 - 2011-01-29 12:51 - 00153880 _____ C:\Users\Spieler.HeikeHarder-HP\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS 2015-05-27 11:18 - 
2012-06-08 18:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Google 2015-05-25 16:25 - 2015-02-20 21:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\Cheats 2015-05-23 14:27 - 2011-01-27 20:36 - 00000000 ____D C:\Program Files (x86)\Google 2015-05-23 12:17 - 2012-04-12 13:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-23 12:17 - 2012-04-12 13:23 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-23 12:17 - 2011-05-23 10:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-23 12:16 - 2014-10-17 07:57 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Adobe 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-21 01:01 - 2014-05-02 14:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Winamp 2015-05-16 12:58 - 2015-05-15 20:12 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\pbs 2015-05-16 12:00 - 2011-01-27 20:36 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-16 12:00 - 2011-01-27 20:36 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2014-08-18 16:36 - 2014-08-18 16:56 - 0004608 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-15 15:52 - 2015-03-15 15:52 - 0001507 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\recently-used.xbel 2014-04-21 13:47 - 2014-04-21 13:47 - 0007600 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Resmon.ResmonCfg 2011-12-22 20:26 - 2012-01-03 22:39 - 0001682 ___SH () C:\ProgramData\KGyGaAvL.sys Some files in TEMP: ==================== C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\Quarantine.exe C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\sqlite3.dll 
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-13 18:46
==================== End of log ============================ |
15.06.2015, 11:58 | #11 |
| Annoying pop-ups, videos, and constant self-installation of Anyprotect and Mystartserac Additional FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Spieler at 2015-06-15 12:56:27
Running from C:\Users\Spieler.HeikeHarder-HP\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2355925718-3238339638-3018866954-500 - Administrator - Disabled)
Gast (S-1-5-21-2355925718-3238339638-3018866954-501 - Limited - Disabled) => C:\Users\Gast
Heike Harder (S-1-5-21-2355925718-3238339638-3018866954-1001 - Administrator - Enabled) => C:\Users\Heike Harder
HomeGroupUser$ (S-1-5-21-2355925718-3238339638-3018866954-1013 - Limited - Enabled)
Spieler (S-1-5-21-2355925718-3238339638-3018866954-1007 - Administrator - Enabled) => C:\Users\Spieler.HeikeHarder-HP
UpdatusUser (S-1-5-21-2355925718-3238339638-3018866954-1012 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3RVX (HKLM-x32\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY) Action Replay DSi Code Manager (HKLM-x32\...\Action Replay DSi Code Manager_is1) (Version: - ) Action Replay PowerSaves 3DS Version 1.28 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.28 - Datel Design & Development) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) 
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.12.2400) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.12.2400 - Aeria Games & Entertainment) Hidden Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Akamai NetSession Interface (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon Music (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG) Ashampoo Office 2008 (C:\Program Files (x86)\Ashampoo\Ashampoo Office 2008) (HKLM-x32\...\sm-un1.u32) (Version: - SoftMaker Software GmbH) Ashampoo Photo Commander 7.60 (HKLM-x32\...\Ashampoo Photo Commander 7_is1) (Version: 7.6.0 - ashampoo GmbH & Co. KG) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.10 - Audible, Inc.) Autostart ok-s 2.0 (HKLM-x32\...\{83832C13-FE26-4058-9BEB-89C422F569B3}) (Version: 1.0 - Olaf Koch) Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. 
KG) Hidden Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden BenVista PhotoZoom Classic 2.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Classic 2) (Version: 2.0 - BenVista Ltd) BenVista PhotoZoom Express 3.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Express 3) (Version: 3.0 - BenVista Ltd) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.20.0 - Brother Industries, Ltd.) Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden CCEnhancer 3.2 (HKLM-x32\...\CCEnhancer) (Version: 3.2 - ) CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) COMPUTERBILD App-Center (HKLM-x32\...\{21295604-BBCA-4A3E-B1D1-1B8A746C4A52}) (Version: 1.0.23 - J3S) COMPUTERBILD-Cloud (HKLM\...\COMPUTERBILD-Cloud_is1) (Version: - CyberGhost S.R.L.) 
Curse Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.01 - Piriform) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.1.46 - INTENIUM GmbH) Die Jade-Münze (HKLM-x32\...\Die Jade-Münze) (Version: 1.0.0.0 - INTENIUM GmbH) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DomainInspect (HKLM-x32\...\DomainInspect) (Version: - AntsSoft) Drakensang 2 Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang 2 Savegame Editor) (Version: - Philipp Jardas) Drakensang Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang Savegame Editor) (Version: - Philipp Jardas) DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.53.0.1091 - Innovative Solutions) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden DVD Video Soft Toolbar (HKLM-x32\...\dvdvideosofttoolbar) (Version: 1.0.0.12 - ) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB) EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts) EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft 
Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free 3GP Video Converter version 5.0.13.608 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.13.608 - DVDVideoSoft Ltd.) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.21.1212 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.) Free Studio version 6.5.0.219 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.219 - DVDVideoSoft Ltd.) Free Video to JPG Converter version 5.0.59.525 (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.) Free YouTube Download 3 version 3.0.6.715 (HKLM-x32\...\Free YouTube Download 3_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to DVD Converter version 3.0.3.923 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.) GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert) Geheimnis von Montezuma (HKLM-x32\...\Geheimnis von Montezuma) (Version: 0.0.0.0 - INTENIUM GmbH) Geheimnis von Montezuma 2 (HKLM-x32\...\Geheimnis von Montezuma 2) (Version: 1.0.0.0 - INTENIUM GmbH) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glitzerndes Troja (HKLM-x32\...\Glitzerndes Troja_is1) (Version: - Contendo Media GmbH) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Harvard Publisher 6.0 (HKLM-x32\...\Harvard Publisher 6.0) (Version: - ) Harvard Publisher 6.0 Inhalts-CD-ROM (HKLM-x32\...\Harvard Publisher 6.0 Inhalts-CD-ROM) (Version: - ) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Hühner-Attacke (HKLM-x32\...\Hühner-Attacke) (Version: 0.0.0.0 - INTENIUM GmbH) Hühner-Rache Deluxe Special (HKLM-x32\...\Hühner-Rache Deluxe Special) (Version: - ) HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - 
Hyperionics Technology LLC) Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Internet Turbo Engine (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\{28583d9b-8f7d-474c-b990-7328c7428bae}) (Version: 10.197.20.13927 - ReSoft Ltd.) iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire II (HKLM-x32\...\Jewel Quest Solitaire II) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire III (HKLM-x32\...\Jewel Quest Solitaire III) (Version: 1.0.0.0 - INTENIUM GmbH) John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Klebezettel NG (Version 2.9.14) (HKLM-x32\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version: - ) Land der Magie (HKLM-x32\...\Land der Magie) (Version: 1.0.0.0 - INTENIUM GmbH) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.) 
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc) M6 Processing 1.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\M6 Processing) (Version: 1.0 - Pysy Software S.L.) Magelo Sync (uninstall only) (HKLM\...\Magelo Sync) (Version: - ) MAGIX Filme auf DVD Download-Version (x32 Version: 9.0.1.2 - MAGIX AG) Hidden MAGIX Video deluxe 17 Download-Version (x32 Version: 10.0.1.14 - MAGIX AG) Hidden Mah Jong Quest (HKLM-x32\...\Mah Jong Quest) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest II (HKLM-x32\...\Mah Jong Quest II) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest III (HKLM-x32\...\Mah Jong Quest III) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Egypt (HKLM-x32\...\Mahjongg – Ancient Egypt) (Version: 1.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Mayas (HKLM-x32\...\Mahjongg – Ancient Mayas) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\Mahjongg Dimensions Deluxe: Tiles in Time) (Version: 1.0.0.0 - INTENIUM GmbH) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{91110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 
8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Moorhuhn Schatzjäger 3 (HKLM-x32\...\Moorhuhn Schatzjäger 3) (Version: 1.00 - phenomedia publishing gmbh) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Mozilla Thunderbird (3.1.7) (HKLM-x32\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 
(de) - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Mystery Solitaire: Secret Island (HKLM-x32\...\Mystery Solitaire: Secret Island) (Version: 0.0.0.0 - INTENIUM GmbH) NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.) paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) PCSUITE ADVISOR (HKLM-x32\...\PCSUITE_ADVISOR_PRO_is1) (Version: - Markement GmbH) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) Penguins! 
(x32 Version: 2.2.0.95 - WildTangent) Hidden PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) Pinball Escape (HKLM\...\UDK-4601a1a3-d3ca-4b8b-99ca-a569081d9943) (Version: - Epic Games, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden Restricted Area (HKLM-x32\...\Restricted Area_is1) (Version: Restricted Area - Master Creating) Retter in der Not (HKLM-x32\...\Retter in der Not) (Version: 1.0.0.0 - INTENIUM GmbH) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RIFT (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT) (Version: - Trion Worlds, Inc.) RIFT Beta (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT-Beta) (Version: - Trion Worlds, Inc.) 
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: 1.0.0.0 - INTENIUM GmbH) Scansoft PDF Professional (x32 Version: - ) Hidden Serif PhotoPlus X2 (HKLM-x32\...\{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}) (Version: 12.0.3.013 - Serif (Europe) Ltd) Shaiya-DE (HKLM-x32\...\Shaiya-DE) (Version: - ) shopperz 2.0.0.461 (HKLM\...\{d0174004-bb12-464b-b666-9ba9bdbd750a}_is1) (Version: 2.0.0.461 - shopperz) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Soda PDF 2012 (HKLM-x32\...\{A5EB5C60-5303-46C2-ABC8-860D94A8A973}) (Version: 2.0.33.2835 - LULU Software) South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED) The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED) TileSetMaker (HKLM-x32\...\TileSetMaker) (Version: - ) Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK) TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software) TQVault 2.11 (HKLM-x32\...\TQVault_is1) (Version: - 
bman654) Treiber-Studio 2013 (HKLM\...\{7660521A-062D-41F5-AA5E-CBA0E0511131}) (Version: 8.0.519 - Publish Data) Unity Web Player (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS) USB Audio/Video Driver (HKLM-x32\...\InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}) (Version: 1.00.0000 - ) USB Audio/Video Driver (x32 Version: 1.00.0000 - ) Hidden USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: 2007.07.3 - ) Video Thumbnails Maker by Scorp (remove only) (HKLM-x32\...\Video Thumbnails Maker) (Version: - ) ViGlance (HKLM-x32\...\ViGlance) (Version: 1001194 - Lee-Soft.com) Vindictus (HKLM-x32\...\Vindictus) (Version: - ) Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden Vista Start Menu 3.36 (HKLM-x32\...\Vista Start Menu_is1) (Version: 3.36 - OrdinarySoft) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) VP3 Codec Version 3.2.6.1 (HKLM-x32\...\VP3 Codec Version 3.2.6.1) (Version: - ) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.8.9.0 - Winload) XLink Kai Evolution 7 (HKLM-x32\...\{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}) (Version: 7.1.7.7 - Team XLink) Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in 
the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{b24abb2f-a278-4d8e-953c-24d702c5cd73}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 11-06-2015 03:00:39 Windows Update 11-06-2015 12:55:08 Revo Uninstaller's restore point - Pando Media Booster 11-06-2015 19:06:40 Revo Uninstaller's restore point - mystartsearch uninstall 11-06-2015 19:10:41 Revo Uninstaller's restore point - AnyProtect 12-06-2015 15:23:52 Revo Uninstaller's restore point - Zombie News 12-06-2015 18:03:16 Revo Uninstaller's 
restore point - Word Processor Text Wrap 12-06-2015 18:08:49 Revo Uninstaller's restore point - Avira Antivirus 12-06-2015 18:20:04 Revo Uninstaller's restore point - Avira ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01A8FBEE-F847-42AC-BA4F-00A1898D52EA} - System32\Tasks\{A1B14BEA-175E-4E8C-BEE2-5DDA0F36CE9D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {07B88545-8678-48F3-A6C7-1FBFFD50D661} - System32\Tasks\{1003CA87-689D-4BA1-9991-D848D14F3F1C} => pcalua.exe -a E:\AUTOSTARTER.EXE -d E:\ Task: {07C3EB77-BAD1-4CE8-A8AC-7F7B2FC0B156} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] () Task: {099D38D9-347D-4927-A8D6-717739F0B2D9} - System32\Tasks\{7F6DEF33-A300-41FA-A541-DBEC7DD61924} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {0BB09DF1-229E-407A-B1B9-3AC39272E7CB} - System32\Tasks\{2FE07B1C-ECD4-4699-B785-2C1187027CF6} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] () Task: {10767F79-86BB-4CBE-A00F-FFEEAF2BB163} - System32\Tasks\{66C961E8-5007-4324-903F-35DBDB476678} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {14001BFE-1F98-4D9A-A750-6AE835038689} - System32\Tasks\{E285D0AD-6380-4D20-A7E3-50700C93908A} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {170BCD56-2CA0-49B4-9F7C-5EBAE2C2D462} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe Task: {1759C3E3-2931-441F-8EF6-565E7B4B967C} - 
System32\Tasks\{AD853451-27EC-49FA-BE81-3E72E4EC04B2} => pcalua.exe -a E:\setup.exe -d E:\ Task: {1BF75E84-A4B3-4CD0-B537-E9B1CEB547A9} - System32\Tasks\{D618E586-8508-4056-B127-BCB49FAA1349} => pcalua.exe -a "C:\Program Files (x86)\Dragon Age\bin_ship\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Dragon Age\bin_ship" Task: {1CE42E40-BEA3-40D6-B42D-C54E78338C19} - System32\Tasks\{AC8529D0-457C-4858-B446-99E3F2D44A5F} => C:\Program Files\HyperCam 2\HyCam2.exe Task: {1D253A63-D540-4C66-B6C6-563742BC0F6E} - System32\Tasks\{9CA9B3AA-1AD3-4D26-BB36-A9DA9005BE34} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {1EDA99EA-7455-4F84-A4AD-D1CC2C972E15} - System32\Tasks\{A67E58E4-AE88-49A7-85A6-7453A92EB2A9} => C:\Program Files (x86)\Drakensang Online\thinclient.exe Task: {228BDEE1-C8C3-4C7F-BEE3-91A0B6F66C2F} - System32\Tasks\{67DA8AEA-6354-42CE-B407-E33C42A282D5} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {23B7FBBE-A7D5-4A34-AD46-060CC765D92E} - System32\Tasks\{7FD504B3-841B-408D-8619-E88E190DA8D6} => C:\Program Files (x86)\Divinity II - Ego Draconis\Divinity_II_Patch_1.03_GERMAN.exe Task: {245A5C11-D036-4CE3-A206-3D0087FF869D} - System32\Tasks\{85FDF290-C320-404D-84B8-6779231A31E0} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {2521C72D-ACF7-4E0D-9F18-A11B57FE74CC} - System32\Tasks\{68E7106A-FDBD-4F0D-8550-DF8A459AFE69} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe Task: {2553768B-2AE4-48DF-A613-C7A4A494EE9C} - System32\Tasks\{9CA5AF8D-3F0F-42C7-BD91-D915420ACFE3} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {29C47B50-5DFF-438F-99CB-706D6E748C95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: {2BEC5C53-25E2-4659-9513-0C6DC990BD02} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {2D359077-ABF9-455A-A2BD-11A8CA7A3FAE} - System32\Tasks\{C9EE2AD4-524E-414F-A50C-DA6B832B5BF8} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {2F1A4251-378C-4421-97E8-3C7D0897D184} - System32\Tasks\{5C73300B-5FF6-46B9-B37C-1D01610BE815} => pcalua.exe -a E:\3DS_Capture_Card_driver\3ds_driver_setup_(WinXP_Vista_7_8_8.1).exe -d E:\3DS_Capture_Card_driver
Task: {31A6B50D-488E-4A4A-BE59-F4D33832D8A7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {32D184EF-A82C-44B6-9E6E-23488E1E6F81} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {336613B4-A4E0-4242-B841-6A7B83C0D918} - System32\Tasks\{472CECA2-D1CA-452A-A9CD-2E5F66E02CBF} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2015-03-30] (LogMeIn Inc.)
Task: {38BD3EA0-C784-4ADE-AABD-97FF17CFBBE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3DF64CDE-D27B-4C6D-BDBE-B77C15AE6721} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {42D0900A-C5EC-4543-8898-EF24BA29F137} - \Papuir No Task File <==== ATTENTION
Task: {42D95011-430F-42F0-A494-B45A84D8E644} - System32\Tasks\{897D3095-7A62-409F-BEF5-A770BF0CF4DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {49C78CDC-889A-45FC-B75C-6600F9966CAB} - System32\Tasks\{79015419-0F92-45C0-8EE4-4E179F736190} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {50806D0A-2107-49B6-A98D-57965254570C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {55C47305-75B5-48A0-908E-0D9AF695E449} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company)
Task: {56506F83-9B43-4450-B403-9696BE10DBD9} - System32\Tasks\{0D8E4BFB-4760-4899-941A-A04A53FD3A39} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {58C2BEB1-2B7A-4C4C-B1A1-AC302CE23429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {5A2C67D9-88D2-4AEC-B074-A4829C40D7C8} - System32\Tasks\{36C8FF93-8BD8-4E30-A5D6-ED25FFEC2812} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {5D92F5D7-5F78-4E3B-AF91-2B41FEE2270B} - System32\Tasks\{4973F1FB-630E-40E2-9C70-88009C1BB43E} => C:\Program Files (x86)\Monte Cristo\Silverfall - Wächter der Elemente - Demo\SilverfallDemo.exe
Task: {5DF0F1DF-816A-4B0D-8969-D28DE8BE9CD6} - System32\Tasks\{1E96FC8D-8C2B-460C-9F54-28CBC2884878} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {71B4D24B-817F-41DE-BE2E-C87686063F41} - System32\Tasks\{500EE935-E46A-4AA0-AD58-8D8A54253987} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {71C80375-1CDC-4DA3-AEB3-2CCF2A77A05B} - System32\Tasks\{2D02A1A1-B88D-4F22-BE09-2AAC6542545D} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {74FB1AD8-296D-4FA7-B1F0-D01E746BCD72} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7537B895-1433-4A0A-B8F3-77C5129BD106} - System32\Tasks\{CC601210-52A7-4E2E-8BE7-E2E5643F0396} => C:\Program Files\HyperCam 2\HyCam2.exe
Task: {839A0A3D-2712-483E-83AE-1B228A4E11D7} - System32\Tasks\Opera scheduled Autoupdate 1387178156 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {8A6FC5E8-EF62-41F8-A8A5-3E3757027530} - System32\Tasks\{C58DA0D1-31F7-475E-BE33-B1F7592A93B5} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {953B319A-52DE-4460-B15C-45ED8C6E5A27} - System32\Tasks\{7BDD7497-A7C0-4293-AC7A-CA49768B3715} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9A3001AE-0F9D-453E-BAFE-78FE333C8D39} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {9EE58FF6-A4F8-4493-89EB-61F5B8006377} - System32\Tasks\{83F7BE8B-3672-4C01-806C-B8D7BADBA939} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7A8A39-9A36-4B20-989E-CFCE33B1E8F2} - System32\Tasks\{EDA016A9-6648-481B-BB50-DF45ED33DA31} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7CA800-2D8A-4033-A94A-9FC9B217E7A7} - System32\Tasks\{412675ED-C224-4FF8-8571-5445803EC050} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AB2859EC-7065-4D93-AE2D-344A32FF0098} - System32\Tasks\{088F98D3-4398-4748-B038-7915992C069D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AC239D12-5FF9-4F16-8A55-EBEBEDA89C6D} - System32\Tasks\{AB9E4B60-D7D4-4489-A561-614D85309523} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {ADC8DFD5-05B7-48C8-A7CC-B236983A1808} - System32\Tasks\{F779D376-AED6-4FEE-B8E4-143428962663} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {B3279C17-9920-4EFF-98BD-52652976909F} - System32\Tasks\{8DB3F366-A097-4A5D-A000-0C16DFFE209E} => C:\Program Files (x86)\JoWooD\SpellForce Demo\SpellForced.exe
Task: {B63FF6D1-52A1-44F6-8079-FC59CAC150F7} - System32\Tasks\{19AA9B0E-513F-411F-8A36-5A48E0FDB28B} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {BE152DD4-9412-404F-975A-AA8027D5757E} - System32\Tasks\{C14076FC-5996-456C-B87D-9D686938FE02} => C:\Program Files (x86)\Datel\WiFi MAX\WM.EXE
Task: {BF2F502A-C412-4289-B7B9-25BBA3E3FE9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company)
Task: {BFA5AF4D-028E-475B-A3B7-2AE64B277C07} - System32\Tasks\{3D75B136-7B65-4B54-B0DB-4CD1368B54AD} => pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {C248182A-7AED-4A14-AA1D-C49D29BC0100} - System32\Tasks\{A4983898-78F0-4A6A-AA6C-34ECA5EC873B} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT\setup.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT
Task: {C3C4839D-E51F-4CC8-8008-55D1A3457968} - System32\Tasks\{2B5D54DC-6890-4BD3-A388-01346A0139FE} => pcalua.exe -a C:\Users\Spieler\Documents\Downlodes\MahjonggArtifacts2.exe -d C:\Users\Spieler\Documents\Downlodes
Task: {C62C9580-EE55-4935-93AC-F8A8A80A7E06} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {C82A8F19-42FF-4733-BFA1-701EEB2196A2} - System32\Tasks\{2EB9F633-1C7D-471B-9D41-7930F7192F42} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe"
Task: {C9E22DA0-7805-4B28-B265-7F0002E168C2} - System32\Tasks\{FAE212E9-0CA9-4EF9-881B-FB56B5519A36} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] ()
Task: {CB364AAC-8A72-4DD4-B732-AA4FB27DADC6} - System32\Tasks\{FD932190-4DCE-4EFB-8275-CCB6841E084C} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {CD7FF6C1-E9D1-4FA5-9131-A6B5D93F3C3C} - System32\Tasks\{B26BBC9F-AC7C-4953-9FA7-CA011047A7F0} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {D0E886EE-2AB7-4E36-BEDA-B15643EBDA63} - System32\Tasks\{7A4735AA-26B5-4F00-A23A-E669986102AD} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {DC4A8E46-4BBC-43C4-B86A-962F9763E636} - System32\Tasks\{7DD8442C-43A1-46AA-8D56-18DE6AC9AA25} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {DC8D724C-1FC6-4E88-BFA8-431DBC63E82E} - System32\Tasks\{F003A125-9256-4022-8C48-DEA75D2EC1F8} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {DF306A0E-1234-4ED8-87C5-2E79D3A61B6C} - System32\Tasks\{42254E81-80B3-4EBB-A425-E87D1499C5F1} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger\SacredUW_ger_2.21_retail.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger
Task: {E5B5252D-CA06-4DB0-BEE5-3A0D0ED561BD} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-22] (Microsoft Corporation)
Task: {EB112395-5E92-4203-9283-9439B69C0623} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {F0265FC3-20B1-4069-B9C3-B431DE2697DA} - System32\Tasks\{17F06A71-0601-42A9-B5DB-F57D4063A6DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {FCC9FE11-4486-43AD-A901-3B347B5C4622} - System32\Tasks\{C8CA1BFE-1690-4854-B670-51C2140AF22E} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Avatar_The_Game_Demo.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes
Task: {FDB3A3A8-567C-4150-A17A-4444C631180E} - System32\Tasks\{13F537D5-0AB6-4A55-9307-8A4EF1088C32} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-05 20:06 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll
2015-05-23 12:17 - 2015-05-23 12:17 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6F159590-F9EE-405C-92E2-5B09FB1D1E6A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{15C67800-BBFC-414C-8B98-E62EFB38C80F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{5F2976A3-5F02-4530-81BC-C10F417059C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{9BB9333A-7A3D-416E-A0E4-F317493C83B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{5EE8AE3D-2A41-4343-A174-EE9BFCEA2E71}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{801DFBD7-522B-4A71-B7A9-7E9A8D88B387}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{819340E0-4709-4B64-82F4-D89223B8A6C6}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{0D722415-C356-4E7A-9941-278232AEC200}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{2417B56B-554C-4657-8B50-852585B2E81D}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe
FirewallRules: [{6D2EFA79-1591-4229-ADED-3A9BF9ED94D3}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe
FirewallRules: [{DA761083-4AE2-4205-8FA1-3D4FC39174E9}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe
FirewallRules: [{6CAA586A-27DE-43D7-8818-75299052AFF2}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe
FirewallRules: [{E1E09099-0C3D-4267-8C27-9AFDC4248662}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{4C2186E3-9B2C-4DFC-9BC5-FAAA86C17D21}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{1B31A976-1337-49BE-8C38-F5FE83BB2441}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{AD0C4460-7E65-48B5-8A3D-096B2DEC0741}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{527ED179-B165-41C6-9F32-FB2A75BEEDDD}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{86CA4E5F-CF1F-4998-B0BD-5838CD69FDA4}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{60A927CB-5486-4AA3-9BF0-6DF4EB2AB853}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{57340D1C-15C1-404D-A584-53AD4B9F19E1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe
FirewallRules: [{6B768E72-FEC5-456A-B142-322071645CBF}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{B73B0F07-E28B-4187-8A52-D984FFF7E134}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe
FirewallRules: [{6035805E-318D-4499-A13A-95BEFDF23CA1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{ADABE4D9-B04B-4D9D-AB65-F804AB21F7DD}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe
FirewallRules: [{33BC236E-319D-4F0E-9A41-AF97BD24809C}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{CBF1DDE2-F642-4B95-BFFD-1E71B39BAE4F}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe
FirewallRules: [{63B9C041-4F50-4FAD-B40F-27E4D04D6307}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{E470A057-8BC1-40E5-A350-5DECCC4BFD86}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe
FirewallRules: [{2516B809-1052-430A-9339-F87AFE54D08B}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe
FirewallRules: [{6E176826-C3CC-47C0-A9CF-4704BCC2BB48}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe
FirewallRules: [{F6176C02-071E-4D22-AC74-BCB85B133D11}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe
FirewallRules: [{4C3FDC35-B0E4-47CB-BFD5-DBD2BCC9CFCA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe
FirewallRules: [TCP Query User{4A5854F6-3ED6-4662-94C1-97E82CFC80AE}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe
FirewallRules: [UDP Query User{98430E31-A9F5-4B51-91B0-58E0A6749F37}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe
FirewallRules: [TCP Query User{A5395EBD-934F-4171-9AA1-4723F825F4AE}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [UDP Query User{FC5C4DA2-977A-41A8-9D62-A2B5869D71D9}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [{9A8F3F19-5FC4-47B3-8E5D-5EA7812C6017}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00558BB0-4B05-4A54-B748-CE04997E9F86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED4541F1-ABBC-4A96-95FC-289CED792913}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E40CCC2-0209-49F7-ABE4-A4A3808140AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{798D9C81-1195-4969-A713-DD70955D72F4}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe
FirewallRules: [{05AD985E-D1BB-41CE-9963-5C0791F229E7}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe
FirewallRules: [{A879AB2C-C5C2-4D59-9FF7-5967648EA1E4}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe
FirewallRules: [{A5DF45FA-D09F-4E16-9F2C-73D415C0D1FA}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe
FirewallRules: [{72D07DA2-B07F-48C9-90EC-7A6456035F7C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AC5A31E6-8323-4D80-A083-983AE9CDB577}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe
FirewallRules: [UDP Query User{A87DCF95-4398-4F00-9A18-D76C84D411DA}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe
FirewallRules: [{06006B24-8237-47FA-A188-F99C685AA0AF}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{00FE4F15-CA1F-48E9-931E-79E65DB176D0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [TCP Query User{9D3694EF-F427-4978-8858-6C5B6A3D1B83}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe
FirewallRules: [UDP Query User{68F11D0C-61B3-46EA-AD1D-82B67A2391C9}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe
FirewallRules: [{2005AB84-160A-4B7E-83DD-885B69882EE0}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{73AAF6D2-6053-4400-89EF-F5F6D75EF666}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{04AE6B38-E291-4322-8402-E39BB7FC5F9E}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{7EA09265-89F4-45F1-92D8-919D84732F54}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{52CD8642-1A2E-419E-821B-E4FC88BA4F77}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{54430A44-DF12-4CE4-9FFA-930A8E3E626F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{3569EDD6-A1FB-4041-87F7-13792876F91F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{85AF71EA-EFFB-473C-A395-9D87426EFC4B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A808E69C-DA8F-4374-86E7-7FBCCD60ACC0}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{E8686FB3-78C2-42DA-9E89-3F94004B54A1}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{17D5A69F-F132-4062-BC8B-BB7D994BB297}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{1D7119B5-CC02-4584-8B5B-6D64E9837DC6}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{F344C086-4EC5-4D0D-9FC6-3E5734BC8160}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B4770A83-1936-4D43-BAFF-FF1F1A3E913C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F95DA01A-2A07-4A75-B54B-ACB4C96FB9D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{60571C3F-3945-44E5-9D58-BD8CCF89A086}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{25270CAA-6DA7-44CA-8F26-E05F233E0380}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{066518B3-8AB9-4A2D-A7A6-8627454CB7B5}] => (Allow) LPort=2869
FirewallRules: [{36FD6F47-1A42-48C6-B3AB-8FF6E4FE7F8C}] => (Allow) LPort=1900
FirewallRules: [{473E7DD4-8DDC-446E-ACE1-14C3E428CE05}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{FCE8FB8E-EB31-40A3-B87B-5011C03156EE}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{DFD22FBD-D151-4B60-813F-20BF14C58419}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4801D630-0C4B-400B-82BB-FAF0BC8D2060}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8ABDF673-063C-4BB4-9D46-010988E3B6F2}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{02615D70-3568-442E-BF65-A2E920150BB8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B6C2DD51-1F6A-453D-B67F-6775C2BAC6B3}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{C6F53048-A8A0-4C36-B97F-DEC635656600}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app
FirewallRules: [{99EFFFB2-EE08-4E70-8336-97503517EBDB}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app
FirewallRules: [{96F2E4DA-42AC-44E5-B29F-C85147507A75}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{C8A97289-2B12-4581-AFBF-720A9483B8F2}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [UDP Query User{0CEFB062-4B08-45CE-92F5-C869F16B5862}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe
FirewallRules: [TCP Query User{28BDC226-A1AB-49CA-954F-88DC7ABAFE31}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{628C23BB-80C6-4A9B-B350-BE25BCE4CF97}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [TCP Query User{47EBC918-0B7E-470A-B943-60C7E80BE457}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{6EA8BE3E-5C58-47FD-911F-EE6140C85677}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{7F92D705-43AD-43F4-91FA-34FF4ADB8745}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{9D2F2A39-3823-4C30-8A7F-DEAF70E1EE09}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{00B0C59A-BD3C-4C80-AE13-8F392C985195}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1817EB15-3D9B-49DC-9F7C-1997FB3B1A8A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{4DB13907-CDF2-41AD-A816-A0BFBE34D886}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{88C692CA-B695-490F-AE2F-D90445EFCEF3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3436E184-A084-4462-A05B-DAD4434654D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9DC12100-48C6-42A9-8D02-788648976707}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{41B942A5-51CC-4358-B0B1-136AF036DAC6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{55D9CA2D-F919-46D2-B44E-3DCC76BCFA90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D3107EBB-9BFF-4A22-978D-B005BEC5F034}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe
FirewallRules: [UDP Query User{204E4B92-FBE4-42A5-9FE6-0EDE38C450F2}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe
FirewallRules: [TCP Query User{6895E600-F1D4-4AD0-9D2B-FF0CCD85943E}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [UDP Query User{149CBE0E-3727-4D5F-A243-E6235A04A67F}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe
FirewallRules: [TCP Query User{B534578A-198E-41DA-AA20-A11D8F94470C}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F2FF6743-8A62-4455-84EC-C632C3D836BA}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A8E5E449-3344-4F4C-B038-CA92025C037C}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{74F86F68-4E08-47B2-9FC6-AB70063DF20E}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{A3963321-530F-4856-97EA-E7DB21C309B7}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{C9EA4C5F-377E-4A6E-95B5-A4717710E886}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe
FirewallRules: [{BE9562F2-20A3-4402-B24F-6BD193313BC9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{192E9E1C-6281-430B-83ED-C2DD54C99FE9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{8C7766C3-05EE-4070-B396-43A435C2816F}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{B7B68659-6728-4AF9-8110-56868CDB24B5}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{355D6EEF-77C8-4AD1-80BE-8DA96DE9F6A9}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{B9FD3AE0-8795-4519-BD55-167EE409B04E}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 00:48:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2015 10:00:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (06/15/2015 10:00:07 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (06/15/2015 09:26:46 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE} Error: (06/15/2015 09:26:46 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping... Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE} Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. 
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping... Error: (06/13/2015 05:56:00 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exe: openVCService - OpenService() failed <1060> System errors: ============= Error: (06/15/2015 00:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/15/2015 00:46:01 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/15/2015 00:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/15/2015 00:46:01 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/15/2015 00:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/15/2015 00:46:01 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (06/15/2015 00:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/15/2015 00:46:01 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/15/2015 00:46:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/15/2015 00:46:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Microsoft Office: ========================= Error: (06/15/2015 00:48:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (06/15/2015 10:00:30 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 10:00:07 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 09:26:46 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE} Error: (06/15/2015 09:26:46 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping... Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE} Error: (06/13/2015 06:06:59 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping... Error: (06/13/2015 05:56:00 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> CodeIntegrity Errors: =================================== Date: 2015-06-12 18:34:06.712 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-06-12 18:34:06.619 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-02 13:07:32.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-02 13:07:32.634 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz Percentage of memory in use: 28% Total physical RAM: 8055.08 MB Available physical RAM: 5724.68 MB Total Pagefile: 16108.36 MB Available Pagefile: 13701.57 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1383.24 GB) (Free:825.42 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:13.92 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1397.3 GB) (Disk ID: B3DBC71D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1383.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS) ==================== End of log ============================ |
16.06.2015, 05:59 | #12 |
/// the machine /// TB Trainer | Annoying popups, videos, and Anyprotect and Mystartserac constantly installing themselves Update Adobe and Thunderbird. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\Users\Heike Harder\Desktop\Anwendungen\Natascha\Natascha\Documents\Tasche\FreeYouTubeToMP3Converter.exe
C:\Users\Heike Harder\Documents\Downloads\Integrated_BrotherSoft_TB.exe
C:\Users\Heike Harder\Documents\Downloads\Programme\ashampoo_photo_commander_7_7.60_7659.exe
C:\Users\Heike Harder\Documents\Downloads\Programme\Babylon8_setup.exe
C:\Users\Heike Harder\Documents\Downloads\Programme\BearShareV8.exe
C:\Users\Heike Harder\Documents\Downloads\Spiele\MahjongEscapeChinaSetup-dm.exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\onsh5221.tmp
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\pnsh5222.exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\rnsh5220.exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095\snss5210.tmp
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DH5W9W7\cmi_mystartsearch[1].exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DH5W9W7\policyname[1].exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DH5W9W7\VOsrv[1].exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLX7CAQC\AnyProtectSetup[1].exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R60G6JHJ\Setup[1].exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQ1D89UY\SearchUpdater[1].exe
C:\Users\Spieler.HeikeHarder-HP\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\hnsbDB0C.tmp
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nse1EB5.tmp
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nsi1D43.tmp
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nst2858.tmp
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\nszC243.tmp
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\rnsmC333.exe
C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095\vnsg91CD.tmp
C:\Users\Spieler.HeikeHarder-HP\Desktop\Ann-Cathrin\Documents\ACH\Documents\Ac\Eigene Dateien\ablage\FreeAudioConverter.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\simboapp.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\CheatEngine61.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\isobuster_all_lang.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\registrybooster.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\SoftonicDownloader_fuer_diablo-iii.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Diabolo\Diablo-3-Demo-Setup.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Dragensang Online\SoftonicDownloader_fuer_vindictus.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Guild-Wars\Guild-Wars-2-Demo-Setup.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Torchlight\_savegame\torchlight_savegame_editor\Torchlight_Save_edit1.0.exe
C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT\FreeYouTubeToMP3Converter37.exe
C:\Users\Spieler.HeikeHarder-HP\Downloads\ReimageRepair.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
Task: {42D0900A-C5EC-4543-8898-EF24BA29F137} - \Papuir No Task File <==== ATTENTION
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Huyde.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Huyde64.exe
C:\Program Files\shopperz
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\Better-Surf\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-08]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha718\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1479\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3700\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9390\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\SuperLyrics\FF [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta541\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha701\ff [not found]
FF Extension: No Name - C:\Program Files\Video downloader\Firefox [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\4433da5b-eb52-495d-8865-b2a7468567f6@927544a3-fdfb-4485-a78b-21e1113eee35.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\crossriderapp2258@crossrider.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@babylon.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@funmoods.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\lightningnewtab@gmail.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{17372c46-39f1-4c28-8f8c-b25d9b57d042} [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S1 toqvakfe; \??\C:\Windows\system32\drivers\toqvakfe.sys [X]
RemoveProxy:
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.06.2015, 13:11 | #13 |
| Annoying popups, videos, and Anyprotect and Mystartserac constantly installing themselves Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Spieler (administrator) on HEIKEHARDER-HP on 16-06-2015 14:11:43 Running from C:\Users\Spieler.HeikeHarder-HP\Downloads Loaded Profiles: Spieler (Available Profiles: Heike Harder & Spieler & UpdatusUser & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (LULU Software) C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Akamai Technologies, Inc.) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Akamai Technologies, Inc.) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe (Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Users\Heike Harder\Documents\Downloads\Creative Suite 2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Akamai NetSession Interface] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [vm6] => C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe [175424 2014-03-19] () HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [Amazon Music] => C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Run: [DriverMax] => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-02-01] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-02-11] () Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] () Startup: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-18] () ShellIconOverlayIdentifiers: [CloudIcon_DOWNLOAD] -> {C3DBFBE2-A521-4619-9F32-502318CB4EC2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_ERROR] -> {851C758E-C636-4045-B323-059931A3A331} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_INSYNC] -> {580030D3-492E-45EA-A1C9-A0AC525BEB26} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_REFRESH] -> {FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) ShellIconOverlayIdentifiers: [CloudIcon_UPLOAD] -> {EBED3602-8915-43F9-81F7-CAA6FC4F70D6} => C:\Program Files\COMPUTERBILD-Cloud\ShellExt64.dll [2012-04-25] (CyberGhost SRL) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} SearchScopes: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-30] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: shopperz -> {d0174004-bb12-464b-b666-9ba9bdbd750a} -> C:\Program Files\shopperz\Gaalmi64.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-30] (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-11] (RealPlayer) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) 
Toolbar: HKLM-x32 - No Name - !!{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKU\.DEFAULT -> No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-05-11] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2355925718-3238339638-3018866954-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Spieler.HeikeHarder-HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\user.js [2015-06-09]
FF Extension: Avira Browser Safety - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\abs@avira.com [2015-06-16]
FF Extension: WEB.DE MailCheck - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\toolbar@web.de.xpi [2014-01-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-25]
FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF Extension: No Name - C:\Program Files (x86)\Better-Surf\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha718\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1479\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3700\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9390\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\SuperLyrics\FF [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta541\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha701\ff [not found]
FF Extension: No Name - C:\Program Files\Video downloader\Firefox [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\4433da5b-eb52-495d-8865-b2a7468567f6@927544a3-fdfb-4485-a78b-21e1113eee35.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\crossriderapp2258@crossrider.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@babylon.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\ffxtlbr@funmoods.com [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\lightningnewtab@gmail.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{17372c46-39f1-4c28-8f8c-b25d9b57d042} [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [not found]
FF Extension: No Name - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Mozilla\Firefox\Profiles\6q039lkv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (DVDVideoSoft) - C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-02]
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://www.mystartsearch.com/?type=sc&ts=1433839150&z=896e5b047982f8f49d7236eg2z9c6cdb1c8t6g7w3o&from=cmi&uid=WDCXWD15EADS-65R2B0_WD-WMAVU347761277612

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-01] (Adobe Systems) [File not signed]
S4 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DokanMounter; C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe [14848 2012-02-15] () [File not signed]
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-01-27] (Macrovision Europe Ltd.) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-06] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-09] (Electronic Arts)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
S3 Soda PDF 2012 Helper Service; C:\Program Files (x86)\Soda PDF 2012\HelperService.exe [827224 2012-01-27] (LULU Software)
R2 Soda PDF 2012 Service; C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe [905560 2012-01-27] (LULU Software)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [558592 2007-05-16] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-19] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2012-02-15] (Windows (R) Win 7 DDK provider)
S3 GrabsterSeries.X64; C:\Windows\System32\DRIVERS\GrabsterSeries.X64.SYS [377152 2010-01-22] ()
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]
S3 iComp; C:\Windows\System32\DRIVERS\p2usbhum.sys [1794112 2009-12-09] (Conexant Systems Inc.)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2015-02-05] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-08-04] () [File not signed]
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
S3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [493440 2005-10-28] (ZyDAS Technology Corporation)
S3 ZDPSp50a64; C:\Windows\SysWOW64\Drivers\ZDPSp50a64.sys [31744 2005-03-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U3 axte3olt; C:\Windows\System32\Drivers\axte3olt.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 connctfy; system32\DRIVERS\connctfy.sys [X]
S3 connctfyMP; system32\DRIVERS\connctfy.sys [X]
S3 cpuz134; \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 14:11 - 2015-06-16 14:12 - 00029967 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST.txt
2015-06-16 14:04 - 2015-06-16 14:04 - 00003432 _____ C:\Windows\System32\Tasks\Avira Browser Safety Updater Task
2015-06-16 14:00 - 2015-06-16 14:00 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Avira
2015-06-16 13:59 - 2015-05-27 13:11 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-16 13:59 - 2015-05-27 13:11 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-16 13:59 - 2015-05-27 13:11 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-06-16 13:59 - 2015-05-27 13:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-16 13:55 - 2015-06-16 13:55 - 00004932 _____ C:\Windows\PFRO.log
2015-06-16 13:55 - 2015-06-16 13:55 - 00000056 _____ C:\Windows\setupact.log
2015-06-16 13:55 - 2015-06-16 13:55 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 10:00 - 2015-06-15 10:00 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-15 09:59 - 2015-06-15 09:59 - 02870984 _____ (ESET) C:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe
2015-06-15 09:59 - 2015-06-15 09:59 - 00852639 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\SecurityCheck.exe
2015-06-13 18:05 - 2015-06-13 18:05 - 00002856 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\JRT.txt
2015-06-13 18:04 - 2015-06-13 18:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HEIKEHARDER-HP-Windows-7-Home-Premium-(64-bit).dat
2015-06-13 18:04 - 2015-06-13 18:04 - 00000000 ____D C:\RegBackup
2015-06-13 17:29 - 2015-06-13 18:15 - 00000000 ____D C:\AdwCleaner
2015-06-13 17:28 - 2015-06-13 17:28 - 02943739 _____ (Thisisu) C:\Users\Spieler.HeikeHarder-HP\Downloads\JRT.exe
2015-06-13 17:28 - 2015-06-13 17:28 - 02231296 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\AdwCleaner_4.206.exe
2015-06-12 18:45 - 2015-06-16 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-12 18:45 - 2015-06-12 18:45 - 00001198 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-12 18:44 - 2015-06-12 18:44 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Spieler.HeikeHarder-HP\Downloads\avira_de_av_557b041b509c2__ws.exe
2015-06-12 18:36 - 2015-06-12 18:36 - 00035225 _____ C:\ComboFix.txt
2015-06-12 18:22 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-12 18:22 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-12 18:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-12 18:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-12 18:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-12 18:22 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-12 18:22 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-12 18:22 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-12 18:07 - 2015-06-12 18:36 - 00000000 ____D C:\Qoobox
2015-06-12 18:06 - 2015-06-12 18:35 - 00000000 ____D C:\Windows\erdnt
2015-06-12 18:04 - 2015-06-12 18:04 - 05628161 ____R (Swearware) C:\Users\Spieler.HeikeHarder-HP\Downloads\ComboFix.exe
2015-06-11 20:03 - 2015-06-15 12:49 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST-app
2015-06-11 17:48 - 2015-06-11 17:51 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\Santiano
2015-06-11 13:04 - 2015-06-13 18:07 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST-OlderVersion
2015-06-11 10:00 - 2015-06-11 10:00 - 00153880 _____ C:\Users\Heike Harder\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-10 20:57 - 2015-06-10 20:57 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\MailUpdate
2015-06-10 11:29 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 11:29 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 11:29 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 11:29 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 11:29 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-10 11:29 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 11:29 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-06-10 11:29 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-10 11:29 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 11:29 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-10 11:29 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 11:29 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-10 11:29 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-06-10 11:29 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-10 11:29 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 11:29 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-06-10 11:29 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 11:29 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-06-10 11:29 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 11:29 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 11:29 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 11:29 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 
2015-06-10 11:29 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 11:29 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 11:29 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 11:29 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 11:29 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 11:29 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 11:29 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 11:29 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 11:29 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 11:29 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 11:29 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 11:29 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 11:29 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 11:29 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 11:29 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 11:29 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 
11:29 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 11:29 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 11:29 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 11:29 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 11:29 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 11:29 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 11:29 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 11:29 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 11:29 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 11:29 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 11:29 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 11:29 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 11:29 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 11:29 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 11:29 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 11:29 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2015-06-10 11:29 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 11:29 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 11:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 11:24 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-10 11:24 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-06-10 11:24 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-10 11:24 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-10 11:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-10 11:24 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 11:24 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-06-10 11:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-06-10 11:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-06-10 11:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-10 11:23 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-06-10 11:23 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-06-10 11:23 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 
2015-06-10 11:23 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 
00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-10 11:23 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-06-10 11:23 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-10 11:23 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-06-10 11:23 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) 
C:\Windows\system32\adtschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-10 11:23 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-10 11:23 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-06-10 11:23 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-10 11:23 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 
2015-06-10 11:23 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-10 11:23 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-10 11:23 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-06-10 11:23 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-06-10 11:23 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 11:23 - 
2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 
2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-10 11:23 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-10 11:23 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-10 11:23 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-10 11:23 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-10 11:23 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 11:23 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 11:23 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ C:\Windows\prleth.sys 2015-06-09 21:01 - 2015-06-09 21:01 - 00000000 _____ C:\Windows\hgfs.sys 2015-06-09 20:07 - 2015-06-11 03:33 - 00506848 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-09 17:00 - 2015-06-09 19:45 - 
00000000 ____D C:\Users\Heike Harder\Documents\The Witcher 3 2015-06-09 15:14 - 2015-06-09 15:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Spieler.HeikeHarder-HP\Downloads\revosetup95 (1).exe 2015-06-09 12:19 - 2015-06-09 12:19 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Steam 2015-06-09 10:41 - 2015-06-09 10:41 - 00000000 ____D C:\Windows\SysWOW64\Flash 2015-06-09 10:04 - 2015-06-16 13:55 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\22CAFA80-1433844267-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2015-06-16 13:55 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\22CAFA80-1433836887-1016-BFEA-A7801F358095 2015-06-09 10:01 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-06-09 09:59 - 2015-06-09 09:59 - 03824002 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\reimage_repair_keygen.zip 2015-06-08 23:22 - 2015-06-08 23:06 - 45315620 _____ C:\Users\Spieler.HeikeHarder-HP\Desktop\Produce_0.wmv 2015-06-08 16:24 - 2015-06-08 16:35 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\stream musik 2015-06-05 14:23 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 14:23 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 14:23 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 14:23 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-04 22:08 - 2015-06-13 11:50 - 
00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server new 2015-06-04 22:08 - 2015-06-04 22:09 - 10174813 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\minecraft_server.1.8.6.exe 2015-06-03 23:21 - 2015-06-03 23:21 - 28683704 _____ (DVDVideoSoft Ltd. ) C:\Users\Spieler.HeikeHarder-HP\Downloads\FreeVideoToJPGConverter (2).exe 2015-05-28 21:19 - 2015-05-28 21:19 - 03716517 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves3ds-software-128.zip 2015-05-28 21:19 - 2015-05-28 13:45 - 03747890 _____ (Datel Design & Development ) C:\Users\Spieler.HeikeHarder-HP\Downloads\powersaves_setup_v1.28.exe 2015-05-27 11:22 - 2015-05-27 11:22 - 00684008 _____ (Opera Software) C:\Users\Spieler.HeikeHarder-HP\Downloads\Opera_NI_stable.exe 2015-05-24 20:50 - 2015-06-03 12:24 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\all ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-16 14:11 - 2015-04-01 23:18 - 00000000 ____D C:\FRST 2015-06-16 14:07 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-16 14:07 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-16 14:05 - 2011-01-27 20:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-16 14:04 - 2014-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-16 14:04 - 2014-06-24 16:10 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\LogMeIn Hamachi 2015-06-16 14:03 - 2012-06-04 16:38 - 01947517 _____ C:\Windows\WindowsUpdate.log 2015-06-16 14:01 - 2011-06-23 22:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-06-16 13:59 - 2014-06-24 19:23 - 00000000 ____D C:\ProgramData\Avira 2015-06-16 13:56 - 2011-03-16 16:37 - 00000441 _____ 
C:\Windows\system32\Drivers\etc\hosts.ics 2015-06-16 13:55 - 2015-02-19 17:01 - 00000308 _____ C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job 2015-06-16 13:55 - 2011-03-09 17:38 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\PDF Software 2015-06-16 13:55 - 2011-01-27 20:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-16 13:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-16 13:54 - 2013-09-03 22:45 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\TS3Client 2015-06-15 23:30 - 2013-01-07 23:41 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\.minecraft 2015-06-15 23:19 - 2013-01-20 00:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Skype 2015-06-15 20:40 - 2014-07-03 12:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Glyph 2015-06-15 20:37 - 2012-12-09 12:38 - 00000000 ____D C:\Program Files (x86)\RIFT 2015-06-15 20:28 - 2014-07-03 12:03 - 00000000 ____D C:\Program Files (x86)\Glyph 2015-06-15 14:34 - 2011-01-07 21:54 - 00799382 _____ C:\Windows\system32\perfh007.dat 2015-06-15 14:34 - 2011-01-07 21:54 - 00188890 _____ C:\Windows\system32\perfc007.dat 2015-06-15 14:34 - 2009-07-14 07:13 - 01903918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-15 12:45 - 2012-10-02 22:41 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT 2015-06-15 12:45 - 2011-01-29 13:53 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes 2015-06-14 16:11 - 2014-06-25 12:44 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Powersaves3DS 2015-06-14 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-14 11:49 - 2013-03-18 22:19 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Apps\2.0 2015-06-13 18:07 - 2015-04-01 23:18 - 02109952 _____ (Farbar) C:\Users\Spieler.HeikeHarder-HP\Downloads\FRST64.exe 2015-06-13 17:53 - 2015-05-12 21:00 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition 2015-06-13 17:53 - 2013-12-16 09:15 - 00001000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 30.lnk 2015-06-13 17:53 - 2011-04-06 19:06 - 00001031 _____ C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-13 11:49 - 2015-02-05 11:50 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\server 2015-06-12 18:45 - 2014-08-06 12:01 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-12 18:36 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-12 18:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-06-12 18:11 - 2015-02-19 17:01 - 00002586 _____ C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c 2015-06-11 18:35 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-11 17:51 - 2011-07-10 23:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\vlc 2015-06-11 14:51 - 2015-02-17 13:50 - 00002409 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\desmume.ini 2015-06-11 14:50 - 2014-08-28 20:02 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Documents\lp 2015-06-11 12:57 - 2012-08-16 23:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2015-06-11 10:00 - 2014-09-30 21:27 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\LogMeIn Hamachi 2015-06-11 04:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-11 03:38 - 2014-06-03 11:02 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1387178156 2015-06-11 03:38 - 2011-01-27 12:58 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-11 03:07 - 2013-08-16 09:04 - 00000000 ____D C:\Windows\system32\MRT 2015-06-11 03:02 - 2011-01-31 19:17 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-09 21:05 - 2012-09-11 10:43 - 00000000 
____D C:\ProgramData\NexonUS 2015-06-09 20:23 - 2012-06-12 19:26 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 20:23 - 2012-03-07 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-09 19:45 - 2011-01-07 21:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-06-09 16:39 - 2014-12-14 18:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\OBS 2015-06-09 14:59 - 2011-01-29 14:11 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\SoftGrid Client 2015-06-09 12:14 - 2011-03-04 12:43 - 00000000 ____D C:\ProgramData\Origin 2015-06-09 12:09 - 2011-07-07 09:25 - 00000000 ____D C:\Users\Heike Harder\AppData\Local\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-06-09 12:08 - 2011-07-07 09:23 - 00000000 ____D C:\Program Files (x86)\Origin 2015-06-09 11:28 - 2014-09-30 21:27 - 00002555 _____ C:\Users\Heike Harder\Desktop\Google Chrome.lnk 2015-06-09 11:28 - 2011-04-07 08:16 - 00001729 _____ C:\Users\Heike Harder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-09 10:57 - 2011-02-11 12:08 - 00000000 ____D C:\Users\Heike Harder\AppData\Roaming\PDF Software 2015-06-08 19:08 - 2015-02-17 13:51 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\Battery 2015-06-08 19:08 - 2014-08-21 22:58 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Desktop\uni 2015-06-08 18:49 - 2013-10-04 14:37 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\alles 2015-06-08 15:37 - 2015-05-11 21:44 - 00000512 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\Digimon - Battle Spirit (D, F, E).sav 2015-06-08 15:37 - 2015-03-23 11:31 - 00002441 _____ C:\Users\Spieler.HeikeHarder-HP\Downloads\vba.ini 2015-06-08 13:41 - 2014-12-14 18:06 - 00000000 ____D C:\Program Files (x86)\OBS 2015-06-08 11:15 - 2014-12-14 18:06 - 00000000 
____D C:\Program Files\OBS 2015-06-06 03:16 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-06 03:16 - 2014-05-01 03:02 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-04 14:57 - 2011-03-02 15:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\KlebezettelNG 2015-06-03 23:22 - 2015-04-03 11:17 - 00001514 _____ C:\Users\Public\Desktop\Free Video to JPG Converter.lnk 2015-06-03 23:22 - 2015-04-03 11:17 - 00001247 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-06-03 23:22 - 2014-09-21 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-06-03 23:21 - 2012-12-30 13:01 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\DVDVideoSoft 2015-06-03 15:36 - 2012-04-06 20:04 - 00000000 ____D C:\ProgramData\Skype 2015-06-03 09:53 - 2012-04-12 13:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-29 11:18 - 2011-01-29 12:51 - 00153880 _____ C:\Users\Spieler.HeikeHarder-HP\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2015-05-28 21:20 - 2014-06-25 13:55 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS 2015-05-27 11:18 - 2012-06-08 18:21 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Google 2015-05-25 16:25 - 2015-02-20 21:06 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\Downloads\Cheats 2015-05-23 14:27 - 2011-01-27 20:36 - 00000000 ____D C:\Program Files (x86)\Google 2015-05-23 12:17 - 2012-04-12 13:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-23 12:17 - 2012-04-12 13:23 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-23 12:17 - 2011-05-23 10:55 - 00142512 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-23 12:16 - 2014-10-17 07:57 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Adobe 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-21 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-21 01:01 - 2014-05-02 14:03 - 00000000 ____D C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Winamp ==================== Files in the root of some directories ======= 2014-08-18 16:36 - 2014-08-18 16:56 - 0004608 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-15 15:52 - 2015-03-15 15:52 - 0001507 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\recently-used.xbel 2014-04-21 13:47 - 2014-04-21 13:47 - 0007600 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Resmon.ResmonCfg 2011-12-22 20:26 - 2012-01-03 22:39 - 0001682 ___SH () C:\ProgramData\KGyGaAvL.sys Some files in TEMP: ==================== C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-13 18:46 ==================== End of log ============================ |
16.06.2015, 13:16 | #14 |
| Annoying popups, videos, as well as Anyprotect and Mystartserac constantly installing themselves Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015 Ran by Spieler at 2015-06-16 14:12:37 Running from C:\Users\Spieler.HeikeHarder-HP\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2355925718-3238339638-3018866954-500 - Administrator - Disabled) Gast (S-1-5-21-2355925718-3238339638-3018866954-501 - Limited - Disabled) => C:\Users\Gast Heike Harder (S-1-5-21-2355925718-3238339638-3018866954-1001 - Administrator - Enabled) => C:\Users\Heike Harder HomeGroupUser$ (S-1-5-21-2355925718-3238339638-3018866954-1013 - Limited - Enabled) Spieler (S-1-5-21-2355925718-3238339638-3018866954-1007 - Administrator - Enabled) => C:\Users\Spieler.HeikeHarder-HP UpdatusUser (S-1-5-21-2355925718-3238339638-3018866954-1012 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
3RVX (HKLM-x32\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY) Action Replay DSi Code Manager (HKLM-x32\...\Action Replay DSi Code Manager_is1) (Version: - ) Action Replay PowerSaves 3DS Version 1.28 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.28 - Datel Design & Development) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.14) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) 
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.12.2400) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.12.2400 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.12.2400 - Aeria Games & Entertainment) Hidden Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Akamai NetSession Interface (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon Music (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG) Ashampoo Office 2008 (C:\Program Files (x86)\Ashampoo\Ashampoo Office 2008) (HKLM-x32\...\sm-un1.u32) (Version: - SoftMaker Software GmbH) Ashampoo Photo Commander 7.60 (HKLM-x32\...\Ashampoo Photo Commander 7_is1) (Version: 7.6.0 - ashampoo GmbH & Co. KG) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.10 - Audible, Inc.) Autostart ok-s 2.0 (HKLM-x32\...\{83832C13-FE26-4058-9BEB-89C422F569B3}) (Version: 1.0 - Olaf Koch) Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. 
KG) Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden BenVista PhotoZoom Classic 2.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Classic 2) (Version: 2.0 - BenVista Ltd) BenVista PhotoZoom Express 3.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\PhotoZoom Express 3) (Version: 3.0 - BenVista Ltd) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.20.0 - Brother Industries, Ltd.) Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden CCEnhancer 3.2 (HKLM-x32\...\CCEnhancer) (Version: 3.2 - ) CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) COMPUTERBILD App-Center (HKLM-x32\...\{21295604-BBCA-4A3E-B1D1-1B8A746C4A52}) (Version: 1.0.23 - J3S) COMPUTERBILD-Cloud (HKLM\...\COMPUTERBILD-Cloud_is1) (Version: - CyberGhost S.R.L.) 
Curse Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.01 - Piriform) DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.1.46 - INTENIUM GmbH) Die Jade-Münze (HKLM-x32\...\Die Jade-Münze) (Version: 1.0.0.0 - INTENIUM GmbH) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DomainInspect (HKLM-x32\...\DomainInspect) (Version: - AntsSoft) Drakensang 2 Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang 2 Savegame Editor) (Version: - Philipp Jardas) Drakensang Savegame Editor (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\Drakensang Savegame Editor) (Version: - Philipp Jardas) DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.53.0.1091 - Innovative Solutions) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden DVD Video Soft Toolbar (HKLM-x32\...\dvdvideosofttoolbar) (Version: 1.0.0.12 - ) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB) EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts) EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft 
Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free 3GP Video Converter version 5.0.13.608 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.13.608 - DVDVideoSoft Ltd.) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.21.1212 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.) Free Studio version 6.5.0.219 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.219 - DVDVideoSoft Ltd.) Free Video to JPG Converter version 5.0.59.525 (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.) Free YouTube Download 3 version 3.0.6.715 (HKLM-x32\...\Free YouTube Download 3_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to DVD Converter version 3.0.3.923 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.) GameWiz32 (HKLM-x32\...\GameWiz32) (Version: 1.43 - Nico Ebert) Geheimnis von Montezuma (HKLM-x32\...\Geheimnis von Montezuma) (Version: 0.0.0.0 - INTENIUM GmbH) Geheimnis von Montezuma 2 (HKLM-x32\...\Geheimnis von Montezuma 2) (Version: 1.0.0.0 - INTENIUM GmbH) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glitzerndes Troja (HKLM-x32\...\Glitzerndes Troja_is1) (Version: - Contendo Media GmbH) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Harvard Publisher 6.0 (HKLM-x32\...\Harvard Publisher 6.0) (Version: - ) Harvard Publisher 6.0 Inhalts-CD-ROM (HKLM-x32\...\Harvard Publisher 6.0 Inhalts-CD-ROM) (Version: - ) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Hühner-Attacke (HKLM-x32\...\Hühner-Attacke) (Version: 0.0.0.0 - INTENIUM GmbH) Hühner-Rache Deluxe Special (HKLM-x32\...\Hühner-Rache Deluxe Special) (Version: - ) HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - 
Hyperionics Technology LLC) Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Internet Turbo Engine (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\{28583d9b-8f7d-474c-b990-7328c7428bae}) (Version: 10.197.20.13927 - ReSoft Ltd.) iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden Jewel Quest Solitaire II (HKLM-x32\...\Jewel Quest Solitaire II) (Version: 1.0.0.0 - INTENIUM GmbH) Jewel Quest Solitaire III (HKLM-x32\...\Jewel Quest Solitaire III) (Version: 1.0.0.0 - INTENIUM GmbH) John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Klebezettel NG (Version 2.9.14) (HKLM-x32\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version: - ) Land der Magie (HKLM-x32\...\Land der Magie) (Version: 1.0.0.0 - INTENIUM GmbH) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.) 
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc) M6 Processing 1.0 (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\M6 Processing) (Version: 1.0 - Pysy Software S.L.) Magelo Sync (uninstall only) (HKLM\...\Magelo Sync) (Version: - ) MAGIX Filme auf DVD Download-Version (x32 Version: 9.0.1.2 - MAGIX AG) Hidden MAGIX Video deluxe 17 Download-Version (x32 Version: 10.0.1.14 - MAGIX AG) Hidden Mah Jong Quest (HKLM-x32\...\Mah Jong Quest) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest II (HKLM-x32\...\Mah Jong Quest II) (Version: 0.0.0.0 - INTENIUM GmbH) Mah Jong Quest III (HKLM-x32\...\Mah Jong Quest III) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Egypt (HKLM-x32\...\Mahjongg – Ancient Egypt) (Version: 1.0.0.0 - INTENIUM GmbH) Mahjongg – Ancient Mayas (HKLM-x32\...\Mahjongg – Ancient Mayas) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version: 0.0.0.0 - INTENIUM GmbH) Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\Mahjongg Dimensions Deluxe: Tiles in Time) (Version: 1.0.0.0 - INTENIUM GmbH) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office XP Professional (HKLM-x32\...\{91110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 
8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Moorhuhn Schatzjäger 3 (HKLM-x32\...\Moorhuhn Schatzjäger 3) (Version: 1.00 - phenomedia publishing gmbh) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden Mozilla Thunderbird (3.1.7) (HKLM-x32\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 
(de) - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Mystery Solitaire: Secret Island (HKLM-x32\...\Mystery Solitaire: Secret Island) (Version: 0.0.0.0 - INTENIUM GmbH) NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.) paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) PCSUITE ADVISOR (HKLM-x32\...\PCSUITE_ADVISOR_PRO_is1) (Version: - Markement GmbH) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) Penguins! 
(x32 Version: 2.2.0.95 - WildTangent) Hidden PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company) Pinball Escape (HKLM\...\UDK-4601a1a3-d3ca-4b8b-99ca-a569081d9943) (Version: - Epic Games, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) PowerDirector (Version: 10.00.0000 - CyberLink Corp.) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden Restricted Area (HKLM-x32\...\Restricted Area_is1) (Version: Restricted Area - Master Creating) Retter in der Not (HKLM-x32\...\Retter in der Not) (Version: 1.0.0.0 - INTENIUM GmbH) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RIFT (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT) (Version: - Trion Worlds, Inc.) RIFT Beta (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\RIFT-Beta) (Version: - Trion Worlds, Inc.) 
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: 1.0.0.0 - INTENIUM GmbH) Scansoft PDF Professional (x32 Version: - ) Hidden Serif PhotoPlus X2 (HKLM-x32\...\{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}) (Version: 12.0.3.013 - Serif (Europe) Ltd) Shaiya-DE (HKLM-x32\...\Shaiya-DE) (Version: - ) shopperz 2.0.0.461 (HKLM\...\{d0174004-bb12-464b-b666-9ba9bdbd750a}_is1) (Version: 2.0.0.461 - shopperz) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Soda PDF 2012 (HKLM-x32\...\{A5EB5C60-5303-46C2-ABC8-860D94A8A973}) (Version: 2.0.33.2835 - LULU Software) South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED) The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED) TileSetMaker (HKLM-x32\...\TileSetMaker) (Version: - ) Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK) TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software) TQVault 2.11 (HKLM-x32\...\TQVault_is1) (Version: - 
bman654) Treiber-Studio 2013 (HKLM\...\{7660521A-062D-41F5-AA5E-CBA0E0511131}) (Version: 8.0.519 - Publish Data) Unity Web Player (HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS) USB Audio/Video Driver (HKLM-x32\...\InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}) (Version: 1.00.0000 - ) USB Audio/Video Driver (x32 Version: 1.00.0000 - ) Hidden USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: 2007.07.3 - ) Video Thumbnails Maker by Scorp (remove only) (HKLM-x32\...\Video Thumbnails Maker) (Version: - ) ViGlance (HKLM-x32\...\ViGlance) (Version: 1001194 - Lee-Soft.com) Vindictus (HKLM-x32\...\Vindictus) (Version: - ) Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden Vista Start Menu 3.36 (HKLM-x32\...\Vista Start Menu_is1) (Version: 3.36 - OrdinarySoft) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) VP3 Codec Version 3.2.6.1 (HKLM-x32\...\VP3 Codec Version 3.2.6.1) (Version: - ) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.8.9.0 - Winload) XLink Kai Evolution 7 (HKLM-x32\...\{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}) (Version: 7.1.7.7 - Team XLink) Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in 
the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{b24abb2f-a278-4d8e-953c-24d702c5cd73}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 11-06-2015 12:55:08 Revo Uninstaller's restore point - Pando Media Booster 11-06-2015 19:06:40 Revo Uninstaller's restore point - mystartsearch uninstall 11-06-2015 19:10:41 Revo Uninstaller's restore point - AnyProtect 12-06-2015 15:23:52 Revo Uninstaller's restore point - Zombie News 12-06-2015 18:03:16 Revo Uninstaller's restore point - Word Processor 
Text Wrap 12-06-2015 18:08:49 Revo Uninstaller's restore point - Avira Antivirus 12-06-2015 18:20:04 Revo Uninstaller's restore point - Avira 16-06-2015 12:28:35 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01A8FBEE-F847-42AC-BA4F-00A1898D52EA} - System32\Tasks\{A1B14BEA-175E-4E8C-BEE2-5DDA0F36CE9D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {07B88545-8678-48F3-A6C7-1FBFFD50D661} - System32\Tasks\{1003CA87-689D-4BA1-9991-D848D14F3F1C} => pcalua.exe -a E:\AUTOSTARTER.EXE -d E:\ Task: {07C3EB77-BAD1-4CE8-A8AC-7F7B2FC0B156} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] () Task: {099D38D9-347D-4927-A8D6-717739F0B2D9} - System32\Tasks\{7F6DEF33-A300-41FA-A541-DBEC7DD61924} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {0BB09DF1-229E-407A-B1B9-3AC39272E7CB} - System32\Tasks\{2FE07B1C-ECD4-4699-B785-2C1187027CF6} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] () Task: {10767F79-86BB-4CBE-A00F-FFEEAF2BB163} - System32\Tasks\{66C961E8-5007-4324-903F-35DBDB476678} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {14001BFE-1F98-4D9A-A750-6AE835038689} - System32\Tasks\{E285D0AD-6380-4D20-A7E3-50700C93908A} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {170BCD56-2CA0-49B4-9F7C-5EBAE2C2D462} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe Task: {1759C3E3-2931-441F-8EF6-565E7B4B967C} - 
System32\Tasks\{AD853451-27EC-49FA-BE81-3E72E4EC04B2} => pcalua.exe -a E:\setup.exe -d E:\ Task: {1BF75E84-A4B3-4CD0-B537-E9B1CEB547A9} - System32\Tasks\{D618E586-8508-4056-B127-BCB49FAA1349} => pcalua.exe -a "C:\Program Files (x86)\Dragon Age\bin_ship\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Dragon Age\bin_ship" Task: {1CE42E40-BEA3-40D6-B42D-C54E78338C19} - System32\Tasks\{AC8529D0-457C-4858-B446-99E3F2D44A5F} => C:\Program Files\HyperCam 2\HyCam2.exe Task: {1D253A63-D540-4C66-B6C6-563742BC0F6E} - System32\Tasks\{9CA9B3AA-1AD3-4D26-BB36-A9DA9005BE34} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {1EDA99EA-7455-4F84-A4AD-D1CC2C972E15} - System32\Tasks\{A67E58E4-AE88-49A7-85A6-7453A92EB2A9} => C:\Program Files (x86)\Drakensang Online\thinclient.exe Task: {228BDEE1-C8C3-4C7F-BEE3-91A0B6F66C2F} - System32\Tasks\{67DA8AEA-6354-42CE-B407-E33C42A282D5} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {23B7FBBE-A7D5-4A34-AD46-060CC765D92E} - System32\Tasks\{7FD504B3-841B-408D-8619-E88E190DA8D6} => C:\Program Files (x86)\Divinity II - Ego Draconis\Divinity_II_Patch_1.03_GERMAN.exe Task: {245A5C11-D036-4CE3-A206-3D0087FF869D} - System32\Tasks\{85FDF290-C320-404D-84B8-6779231A31E0} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {2521C72D-ACF7-4E0D-9F18-A11B57FE74CC} - System32\Tasks\{68E7106A-FDBD-4F0D-8550-DF8A459AFE69} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe Task: {2553768B-2AE4-48DF-A613-C7A4A494EE9C} - System32\Tasks\{9CA5AF8D-3F0F-42C7-BD91-D915420ACFE3} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {29C47B50-5DFF-438F-99CB-706D6E748C95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: {2BEC5C53-25E2-4659-9513-0C6DC990BD02} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {2D359077-ABF9-455A-A2BD-11A8CA7A3FAE} - System32\Tasks\{C9EE2AD4-524E-414F-A50C-DA6B832B5BF8} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {2F1A4251-378C-4421-97E8-3C7D0897D184} - System32\Tasks\{5C73300B-5FF6-46B9-B37C-1D01610BE815} => pcalua.exe -a E:\3DS_Capture_Card_driver\3ds_driver_setup_(WinXP_Vista_7_8_8.1).exe -d E:\3DS_Capture_Card_driver Task: {31A6B50D-488E-4A4A-BE59-F4D33832D8A7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {32D184EF-A82C-44B6-9E6E-23488E1E6F81} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {336613B4-A4E0-4242-B841-6A7B83C0D918} - System32\Tasks\{472CECA2-D1CA-452A-A9CD-2E5F66E02CBF} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2015-03-30] (LogMeIn Inc.) Task: {38BD3EA0-C784-4ADE-AABD-97FF17CFBBE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {3DF64CDE-D27B-4C6D-BDBE-B77C15AE6721} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.) 
Task: {42D95011-430F-42F0-A494-B45A84D8E644} - System32\Tasks\{897D3095-7A62-409F-BEF5-A770BF0CF4DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {49C78CDC-889A-45FC-B75C-6600F9966CAB} - System32\Tasks\{79015419-0F92-45C0-8EE4-4E179F736190} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe Task: {50806D0A-2107-49B6-A98D-57965254570C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {55C47305-75B5-48A0-908E-0D9AF695E449} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company) Task: {56506F83-9B43-4450-B403-9696BE10DBD9} - System32\Tasks\{0D8E4BFB-4760-4899-941A-A04A53FD3A39} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] () Task: {58C2BEB1-2B7A-4C4C-B1A1-AC302CE23429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: {5A2C67D9-88D2-4AEC-B074-A4829C40D7C8} - System32\Tasks\{36C8FF93-8BD8-4E30-A5D6-ED25FFEC2812} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {5D92F5D7-5F78-4E3B-AF91-2B41FEE2270B} - System32\Tasks\{4973F1FB-630E-40E2-9C70-88009C1BB43E} => C:\Program Files (x86)\Monte Cristo\Silverfall - Wächter der Elemente - Demo\SilverfallDemo.exe
Task: {5DF0F1DF-816A-4B0D-8969-D28DE8BE9CD6} - System32\Tasks\{1E96FC8D-8C2B-460C-9F54-28CBC2884878} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {71B4D24B-817F-41DE-BE2E-C87686063F41} - System32\Tasks\{500EE935-E46A-4AA0-AD58-8D8A54253987} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {71C80375-1CDC-4DA3-AEB3-2CCF2A77A05B} - System32\Tasks\{2D02A1A1-B88D-4F22-BE09-2AAC6542545D} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {74FB1AD8-296D-4FA7-B1F0-D01E746BCD72} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7537B895-1433-4A0A-B8F3-77C5129BD106} - System32\Tasks\{CC601210-52A7-4E2E-8BE7-E2E5643F0396} => C:\Program Files\HyperCam 2\HyCam2.exe
Task: {839A0A3D-2712-483E-83AE-1B228A4E11D7} - System32\Tasks\Opera scheduled Autoupdate 1387178156 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {8A6FC5E8-EF62-41F8-A8A5-3E3757027530} - System32\Tasks\{C58DA0D1-31F7-475E-BE33-B1F7592A93B5} => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [2014-08-10] (TeamSpeak Systems GmbH)
Task: {953B319A-52DE-4460-B15C-45ED8C6E5A27} - System32\Tasks\{7BDD7497-A7C0-4293-AC7A-CA49768B3715} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9A3001AE-0F9D-453E-BAFE-78FE333C8D39} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {9BADB5E6-0EB0-4887-9574-8E32F13A2FFD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {9EE58FF6-A4F8-4493-89EB-61F5B8006377} - System32\Tasks\{83F7BE8B-3672-4C01-806C-B8D7BADBA939} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7A8A39-9A36-4B20-989E-CFCE33B1E8F2} - System32\Tasks\{EDA016A9-6648-481B-BB50-DF45ED33DA31} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {9F7CA800-2D8A-4033-A94A-9FC9B217E7A7} - System32\Tasks\{412675ED-C224-4FF8-8571-5445803EC050} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AB2859EC-7065-4D93-AE2D-344A32FF0098} - System32\Tasks\{088F98D3-4398-4748-B038-7915992C069D} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {AC239D12-5FF9-4F16-8A55-EBEBEDA89C6D} - System32\Tasks\{AB9E4B60-D7D4-4489-A561-614D85309523} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {ADC8DFD5-05B7-48C8-A7CC-B236983A1808} - System32\Tasks\{F779D376-AED6-4FEE-B8E4-143428962663} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {B3279C17-9920-4EFF-98BD-52652976909F} - System32\Tasks\{8DB3F366-A097-4A5D-A000-0C16DFFE209E} => C:\Program Files (x86)\JoWooD\SpellForce Demo\SpellForced.exe
Task: {B63FF6D1-52A1-44F6-8079-FC59CAC150F7} - System32\Tasks\{19AA9B0E-513F-411F-8A36-5A48E0FDB28B} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {BE152DD4-9412-404F-975A-AA8027D5757E} - System32\Tasks\{C14076FC-5996-456C-B87D-9D686938FE02} => C:\Program Files (x86)\Datel\WiFi MAX\WM.EXE
Task: {BF2F502A-C412-4289-B7B9-25BBA3E3FE9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-18] (Hewlett-Packard Company)
Task: {BFA5AF4D-028E-475B-A3B7-2AE64B277C07} - System32\Tasks\{3D75B136-7B65-4B54-B0DB-4CD1368B54AD} => pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {C248182A-7AED-4A14-AA1D-C49D29BC0100} - System32\Tasks\{A4983898-78F0-4A6A-AA6C-34ECA5EC873B} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT\setup.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\RIFT
Task: {C3C4839D-E51F-4CC8-8008-55D1A3457968} - System32\Tasks\{2B5D54DC-6890-4BD3-A388-01346A0139FE} => pcalua.exe -a C:\Users\Spieler\Documents\Downlodes\MahjonggArtifacts2.exe -d C:\Users\Spieler\Documents\Downlodes
Task: {C62C9580-EE55-4935-93AC-F8A8A80A7E06} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2355925718-3238339638-3018866954-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {C82A8F19-42FF-4733-BFA1-701EEB2196A2} - System32\Tasks\{2EB9F633-1C7D-471B-9D41-7930F7192F42} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe"
Task: {C9E22DA0-7805-4B28-B265-7F0002E168C2} - System32\Tasks\{FAE212E9-0CA9-4EF9-881B-FB56B5519A36} => C:\Program Files (x86)\TQVault\TQVault.exe [2007-03-18] ()
Task: {CB364AAC-8A72-4DD4-B732-AA4FB27DADC6} - System32\Tasks\{FD932190-4DCE-4EFB-8275-CCB6841E084C} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {CD7FF6C1-E9D1-4FA5-9131-A6B5D93F3C3C} - System32\Tasks\{B26BBC9F-AC7C-4953-9FA7-CA011047A7F0} => C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
Task: {D0E886EE-2AB7-4E36-BEDA-B15643EBDA63} - System32\Tasks\{7A4735AA-26B5-4F00-A23A-E669986102AD} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {D94779DF-581F-4F9F-A627-8DDB743E040F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {DBB41067-C231-4E0E-8399-D2397A2768F1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {DC4A8E46-4BBC-43C4-B86A-962F9763E636} - System32\Tasks\{7DD8442C-43A1-46AA-8D56-18DE6AC9AA25} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {DC8D724C-1FC6-4E88-BFA8-431DBC63E82E} - System32\Tasks\{F003A125-9256-4022-8C48-DEA75D2EC1F8} => C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
Task: {DF306A0E-1234-4ED8-87C5-2E79D3A61B6C} - System32\Tasks\{42254E81-80B3-4EBB-A425-E87D1499C5F1} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger\SacredUW_ger_2.21_retail.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\sacreduw2_21ger
Task: {E5B5252D-CA06-4DB0-BEE5-3A0D0ED561BD} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-22] (Microsoft Corporation)
Task: {EB112395-5E92-4203-9283-9439B69C0623} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {EBF70D8E-ADE6-4C57-831E-65A3828F6F84} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {F0265FC3-20B1-4069-B9C3-B431DE2697DA} - System32\Tasks\{17F06A71-0601-42A9-B5DB-F57D4063A6DE} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: {FCC9FE11-4486-43AD-A901-3B347B5C4622} - System32\Tasks\{C8CA1BFE-1690-4854-B670-51C2140AF22E} => pcalua.exe -a C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes\Avatar_The_Game_Demo.exe -d C:\Users\Spieler.HeikeHarder-HP\Documents\Downlodes
Task: {FDB3A3A8-567C-4150-A17A-4444C631180E} - System32\Tasks\{13F537D5-0AB6-4A55-9307-8A4EF1088C32} => C:\Program Files (x86)\Restricted Area\Starter.exe [2007-11-22] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-04-07 23:19 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-05 20:06 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-06-04 12:03 - 2012-02-15 17:05 - 00014848 _____ () C:\Program Files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe
2012-04-20 16:30 - 2010-08-19 11:43 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-19 19:34 - 2014-03-19 19:34 - 00175424 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\M6 Processing\vm6.exe
2014-12-22 17:43 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-17 03:37 - 2014-10-17 03:37 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-01-07 21:20 - 2010-03-04 06:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll
2015-06-10 21:01 - 2015-06-10 11:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll
2015-05-23 12:17 - 2015-05-23 12:17 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2355925718-3238339638-3018866954-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Spieler.HeikeHarder-HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6F159590-F9EE-405C-92E2-5B09FB1D1E6A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{15C67800-BBFC-414C-8B98-E62EFB38C80F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe FirewallRules: [{5F2976A3-5F02-4530-81BC-C10F417059C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe FirewallRules: [{9BB9333A-7A3D-416E-A0E4-F317493C83B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe FirewallRules: [{5EE8AE3D-2A41-4343-A174-EE9BFCEA2E71}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{801DFBD7-522B-4A71-B7A9-7E9A8D88B387}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{819340E0-4709-4B64-82F4-D89223B8A6C6}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{0D722415-C356-4E7A-9941-278232AEC200}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{2417B56B-554C-4657-8B50-852585B2E81D}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe FirewallRules: [{6D2EFA79-1591-4229-ADED-3A9BF9ED94D3}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe FirewallRules: [{DA761083-4AE2-4205-8FA1-3D4FC39174E9}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe FirewallRules: [{6CAA586A-27DE-43D7-8818-75299052AFF2}] => (Allow) C:\Program Files (x86)\Dragon Age 2 Demo\DragonAge2Launcher.exe FirewallRules: [{E1E09099-0C3D-4267-8C27-9AFDC4248662}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{4C2186E3-9B2C-4DFC-9BC5-FAAA86C17D21}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{1B31A976-1337-49BE-8C38-F5FE83BB2441}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe 
FirewallRules: [{AD0C4460-7E65-48B5-8A3D-096B2DEC0741}] => (Allow) C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe FirewallRules: [{527ED179-B165-41C6-9F32-FB2A75BEEDDD}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe FirewallRules: [{86CA4E5F-CF1F-4998-B0BD-5838CD69FDA4}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe FirewallRules: [{60A927CB-5486-4AA3-9BF0-6DF4EB2AB853}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe FirewallRules: [{57340D1C-15C1-404D-A584-53AD4B9F19E1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\DragonAgeToolset.exe FirewallRules: [{6B768E72-FEC5-456A-B142-322071645CBF}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe FirewallRules: [{B73B0F07-E28B-4187-8A52-D984FFF7E134}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\RPU.exe FirewallRules: [{6035805E-318D-4499-A13A-95BEFDF23CA1}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe FirewallRules: [{ADABE4D9-B04B-4D9D-AB65-F804AB21F7DD}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\lightmapper\eclipseRay.exe FirewallRules: [{33BC236E-319D-4F0E-9A41-AF97BD24809C}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe FirewallRules: [{CBF1DDE2-F642-4B95-BFFD-1E71B39BAE4F}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\GffEditor.exe FirewallRules: [{63B9C041-4F50-4FAD-B40F-27E4D04D6307}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe FirewallRules: [{E470A057-8BC1-40E5-A350-5DECCC4BFD86}] => (Allow) C:\Program Files (x86)\Dragon Age\tools\ErfEditor.exe FirewallRules: [{2516B809-1052-430A-9339-F87AFE54D08B}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe FirewallRules: [{6E176826-C3CC-47C0-A9CF-4704BCC2BB48}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\DragonAge2Launcher.exe FirewallRules: [{F6176C02-071E-4D22-AC74-BCB85B133D11}] => (Allow) C:\Program 
Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe FirewallRules: [{4C3FDC35-B0E4-47CB-BFD5-DBD2BCC9CFCA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Dragon Age™ II\bin_ship\DragonAge2.exe FirewallRules: [TCP Query User{4A5854F6-3ED6-4662-94C1-97E82CFC80AE}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe FirewallRules: [UDP Query User{98430E31-A9F5-4B51-91B0-58E0A6749F37}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe] => (Allow) C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe FirewallRules: [TCP Query User{A5395EBD-934F-4171-9AA1-4723F825F4AE}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe FirewallRules: [UDP Query User{FC5C4DA2-977A-41A8-9D62-A2B5869D71D9}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe FirewallRules: [{9A8F3F19-5FC4-47B3-8E5D-5EA7812C6017}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{00558BB0-4B05-4A54-B748-CE04997E9F86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{ED4541F1-ABBC-4A96-95FC-289CED792913}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5E40CCC2-0209-49F7-ABE4-A4A3808140AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{798D9C81-1195-4969-A713-DD70955D72F4}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe FirewallRules: [{05AD985E-D1BB-41CE-9963-5C0791F229E7}] => (Allow) C:\Program Files (x86)\dvdvideosofttoolbar\dtUser.exe FirewallRules: [{A879AB2C-C5C2-4D59-9FF7-5967648EA1E4}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe FirewallRules: [{A5DF45FA-D09F-4E16-9F2C-73D415C0D1FA}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\incredibar_install.exe FirewallRules: [{72D07DA2-B07F-48C9-90EC-7A6456035F7C}] 
=> (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{AC5A31E6-8323-4D80-A083-983AE9CDB577}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe FirewallRules: [UDP Query User{A87DCF95-4398-4F00-9A18-D76C84D411DA}C:\program files\computerbild-cloud\cgcclient.exe] => (Allow) C:\program files\computerbild-cloud\cgcclient.exe FirewallRules: [{06006B24-8237-47FA-A188-F99C685AA0AF}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe FirewallRules: [{00FE4F15-CA1F-48E9-931E-79E65DB176D0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe FirewallRules: [TCP Query User{9D3694EF-F427-4978-8858-6C5B6A3D1B83}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe FirewallRules: [UDP Query User{68F11D0C-61B3-46EA-AD1D-82B67A2391C9}C:\udk\pinball escape\binaries\win32\udk.exe] => (Allow) C:\udk\pinball escape\binaries\win32\udk.exe FirewallRules: [{2005AB84-160A-4B7E-83DD-885B69882EE0}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{73AAF6D2-6053-4400-89EF-F5F6D75EF666}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{04AE6B38-E291-4322-8402-E39BB7FC5F9E}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [{7EA09265-89F4-45F1-92D8-919D84732F54}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe FirewallRules: [TCP Query User{52CD8642-1A2E-419E-821B-E4FC88BA4F77}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{54430A44-DF12-4CE4-9FFA-930A8E3E626F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [{3569EDD6-A1FB-4041-87F7-13792876F91F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 
FirewallRules: [{85AF71EA-EFFB-473C-A395-9D87426EFC4B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{A808E69C-DA8F-4374-86E7-7FBCCD60ACC0}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe FirewallRules: [{E8686FB3-78C2-42DA-9E89-3F94004B54A1}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe FirewallRules: [{17D5A69F-F132-4062-BC8B-BB7D994BB297}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe FirewallRules: [{1D7119B5-CC02-4584-8B5B-6D64E9837DC6}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe FirewallRules: [{F344C086-4EC5-4D0D-9FC6-3E5734BC8160}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{B4770A83-1936-4D43-BAFF-FF1F1A3E913C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{F95DA01A-2A07-4A75-B54B-ACB4C96FB9D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{60571C3F-3945-44E5-9D58-BD8CCF89A086}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{25270CAA-6DA7-44CA-8F26-E05F233E0380}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{066518B3-8AB9-4A2D-A7A6-8627454CB7B5}] => (Allow) LPort=2869 FirewallRules: [{36FD6F47-1A42-48C6-B3AB-8FF6E4FE7F8C}] => (Allow) LPort=1900 FirewallRules: [{473E7DD4-8DDC-446E-ACE1-14C3E428CE05}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{FCE8FB8E-EB31-40A3-B87B-5011C03156EE}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{DFD22FBD-D151-4B60-813F-20BF14C58419}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Allow) 
C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{4801D630-0C4B-400B-82BB-FAF0BC8D2060}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{8ABDF673-063C-4BB4-9D46-010988E3B6F2}C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\spieler.heikeharder-hp\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{02615D70-3568-442E-BF65-A2E920150BB8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{B6C2DD51-1F6A-453D-B67F-6775C2BAC6B3}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{C6F53048-A8A0-4C36-B97F-DEC635656600}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: [{99EFFFB2-EE08-4E70-8336-97503517EBDB}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: [{96F2E4DA-42AC-44E5-B29F-C85147507A75}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [TCP Query User{C8A97289-2B12-4581-AFBF-720A9483B8F2}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe FirewallRules: [UDP Query User{0CEFB062-4B08-45CE-92F5-C869F16B5862}C:\program files (x86)\klebezettel ng\klebez.exe] => (Allow) C:\program files (x86)\klebezettel ng\klebez.exe FirewallRules: [TCP Query User{28BDC226-A1AB-49CA-954F-88DC7ABAFE31}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [UDP Query User{628C23BB-80C6-4A9B-B350-BE25BCE4CF97}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [TCP Query 
User{47EBC918-0B7E-470A-B943-60C7E80BE457}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe FirewallRules: [UDP Query User{6EA8BE3E-5C58-47FD-911F-EE6140C85677}C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe] => (Allow) C:\users\spieler.heikeharder-hp\appdata\local\temp\gw2.exe FirewallRules: [TCP Query User{7F92D705-43AD-43F4-91FA-34FF4ADB8745}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{9D2F2A39-3823-4C30-8A7F-DEAF70E1EE09}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [TCP Query User{00B0C59A-BD3C-4C80-AE13-8F392C985195}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{1817EB15-3D9B-49DC-9F7C-1997FB3B1A8A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{4DB13907-CDF2-41AD-A816-A0BFBE34D886}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{88C692CA-B695-490F-AE2F-D90445EFCEF3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{3436E184-A084-4462-A05B-DAD4434654D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{9DC12100-48C6-42A9-8D02-788648976707}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{41B942A5-51CC-4358-B0B1-136AF036DAC6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{55D9CA2D-F919-46D2-B44E-3DCC76BCFA90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [TCP Query User{D3107EBB-9BFF-4A22-978D-B005BEC5F034}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [UDP Query 
User{204E4B92-FBE4-42A5-9FE6-0EDE38C450F2}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Allow) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [TCP Query User{6895E600-F1D4-4AD0-9D2B-FF0CCD85943E}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe FirewallRules: [UDP Query User{149CBE0E-3727-4D5F-A243-E6235A04A67F}C:\windows\syswow64\regsvr32.exe] => (Allow) C:\windows\syswow64\regsvr32.exe FirewallRules: [TCP Query User{B534578A-198E-41DA-AA20-A11D8F94470C}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{F2FF6743-8A62-4455-84EC-C632C3D836BA}C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\spieler.heikeharder-hp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{A8E5E449-3344-4F4C-B038-CA92025C037C}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{74F86F68-4E08-47B2-9FC6-AB70063DF20E}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{A3963321-530F-4856-97EA-E7DB21C309B7}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{C9EA4C5F-377E-4A6E-95B5-A4717710E886}] => (Allow) C:\Users\Spieler.HeikeHarder-HP\Desktop\server\minecraft_server.1.8.1.exe FirewallRules: [{BE9562F2-20A3-4402-B24F-6BD193313BC9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe FirewallRules: [{192E9E1C-6281-430B-83ED-C2DD54C99FE9}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe FirewallRules: [{8C7766C3-05EE-4070-B396-43A435C2816F}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe FirewallRules: [{B7B68659-6728-4AF9-8110-56868CDB24B5}] => 
(Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{355D6EEF-77C8-4AD1-80BE-8DA96DE9F6A9}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{B9FD3AE0-8795-4519-BD55-167EE409B04E}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 01:56:20 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: )
Description: VersionCueCS2Tray.exe: openVCService - OpenService() failed <1060>

Error: (06/16/2015 01:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x690
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (06/16/2015 00:27:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2015 01:47:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2015 00:48:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2015 10:00:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2015 10:00:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (06/15/2015 09:26:46 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE} System errors: ============= Error: (06/16/2015 02:07:39 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/16/2015 02:05:01 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/16/2015 01:58:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/16/2015 01:58:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/16/2015 01:56:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: amdkmafd Error: (06/16/2015 01:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (06/16/2015 01:54:24 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (06/16/2015 00:16:01 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/15/2015 00:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/15/2015 00:46:01 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\SPIELE~1.HEI\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Microsoft Office: ========================= Error: (06/16/2015 01:56:20 PM) (Source: Adobe Version Cue CS2) (EventID: 3) (User: ) Description: VersionCueCS2Tray.exeopenVCService - OpenService() failed <1060> Error: (06/16/2015 01:54:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c000000d000000000006ec1269001d0a5f1613e064bC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll74b58cf8-141e-11e5-870a-dff5805c430e Error: (06/16/2015 00:27:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\spieler.heikeharder-hp\downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 01:47:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\spieler.heikeharder-hp\downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 00:48:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (06/15/2015 10:00:30 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 10:00:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: 
(06/15/2015 10:00:07 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Spieler.HeikeHarder-HP\Downloads\esetsmartinstaller_deu.exe Error: (06/15/2015 09:26:46 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE} CodeIntegrity Errors: =================================== Date: 2015-06-12 18:34:06.712 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-06-12 18:34:06.619 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-02 13:07:32.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-05-02 13:07:32.634 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8055.08 MB
Available physical RAM: 5592.37 MB
Total Pagefile: 16108.36 MB
Available Pagefile: 13192.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1383.24 GB) (Free:829.05 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.92 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: B3DBC71D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1383.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
==================== End of log ============================

So far everything is running great ^^
17.06.2015, 05:31 | #15 |
/// the machine /// TB-Ausbilder | Annoying pop-ups, videos and constant self-installation of Anyprotect and Mystartserac

Cleanup: (The order is crucial here.)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Afterwards, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at the latest version only: browser, Java, Flash Player, PDF reader. Vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft.
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.

Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM!