Avira meldet TR/Dldr.Agent.2343.1 [trojan] und java/Lamar.sgf.27 [virus]

Ryker · 28.06.2015, 13:59

Hallo und Danke im Voraus für jegliche Hilfe.
Nachdem wir bei Amazon mit einem unserer Accounts 2 Bestellungen hatten, die nicht von uns vorgenommen wurden, habe ich Avira Internet Security zunächst den Laptop und dann die mobile Festplatte checken lassen. Ich muss zugeben, dass ich mich zuvor wohl in trügerischer Sicherheit wähnte und Avira nur laufen, nie aber einen vollen Scan aller Festplatten/Partitionen machen ließ. Nun weiß ich nicht sicher ob das Ergebnis mit der Amazon-Problematik zusammen hängt, da das Passwort des Account auch nicht das sicherste war. Ist mein Rechner (wieder) sicher? OS ist Windows 7 (im Titel vergessen, sorry).

Avira:

Code:

ATTFilter

Exportierte Ereignisse:

28.06.2015 13:32 [System-Scanner] Malware gefunden
      Die Datei 'F:\zu sortieren 
      Daniela\Daniela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\29352a0f-5704c
      486'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Agent.2343.1' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '503d790b.qua' 
      verschoben!

28.06.2015 07:36 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Ryker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\4eaee062-479f0
      7ad'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.sgf.27' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53d72bb3.qua' 
      verschoben!

FRST64 Dateien und GMER Log im Anhang und als weitere Beiträge, da zu lang!

Ryker · 28.06.2015, 14:00

FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015
Ran by Ryker (administrator) on RYKERS-PC on 28-06-2015 13:50:56
Running from C:\Users\Ryker\Desktop
Loaded Profiles: Ryker (Available Profiles: Ryker & Dani)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(South Bay Software) C:\Program Files (x86)\NoAds\NoAds.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\usrreq.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2010-02-25] (Synaptics Incorporated)
HKLM\...\Run: [BoxSyncHelper] => C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-02-21] (Box, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2244608 2009-12-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [171104 2010-02-10] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [705840 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Run: [NoAds] => C:\Program Files (x86)\NoAds\NoAds.exe [151552 2010-10-10] (South Bay Software)
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Run: [Dropbox Update] => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\MountPoints2: {4569298d-8fcc-11e2-a967-4061861ec5a8} - F:\Startme.exe
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\MountPoints2: {af05eaf2-f1a3-11df-8851-4061861ec5a8} - F:\SafeStick.exe
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\MountPoints2: {da7c684d-f804-11df-a35a-001e101f3315} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\MountPoints2: {dbaa237b-f0dc-11df-a223-4061861ec5a8} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\MountPoints2: {dbaa240b-f0dc-11df-a223-4061861ec5a8} - I:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-01-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk [2013-03-11]
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-07-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ryker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-12-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [000BoxDesktopFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSyncedCollabs] -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSyncedCollab] -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-960941955-715801640-531254083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-960941955-715801640-531254083-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKU\S-1-5-21-960941955-715801640-531254083-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> DefaultScope {31EFCD58-B44F-4848-80A1-82BA001F42A4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {0D20A1A4-6C62-45A3-AFD3-3BD2EEBEE242} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {19B01535-33FC-445D-8AB3-FE5118293BAB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {31EFCD58-B44F-4848-80A1-82BA001F42A4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {5EB87694-D33F-41C2-BC77-2DC287C315D4} URL = hxxp://startpage.com/do/search?query={searchTerms}&nossl=1&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {748FBE47-3386-490C-8F27-2B75C20FC04F} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {ADA2086D-F337-4AC2-87E8-4C9629BBBF02} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {BA2AA739-C53B-46A7-BA70-B292E27E37F6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {C2D65A89-B608-4AC4-88EA-8DF96A93A0D3} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {F5132BAE-AD1C-4E14-87C6-CA6F783877BE} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: IE to GetRight Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll [2007-07-18] (Headlight Software, Inc.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-01-09] (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-01-09] (pdfforge GbR)
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2013-05-09] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07FD061E-49C2-492B-868B-EA16BAA5F115}: [DhcpNameServer] 139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{25D1ADBB-950C-45A3-9243-86AE9CE82348}: [DhcpNameServer] 139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{5687D8EB-30A2-430B-9B2B-79A1810684B1}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default
FF Homepage: https://www.startpage.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-960941955-715801640-531254083-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Ryker\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKU\S-1-5-21-960941955-715801640-531254083-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-09] (Unity Technologies ApS)
FF Extension: WEB.DE Coupon Alert - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\gutschein@web.de.xpi [2015-03-12]
FF Extension: Qipu Cashbackmelder open beta - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\toolbar@qipu.de.xpi [2014-01-07]
FF Extension: Clean Links - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-01-07]
FF Extension: QuickImage - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\{B9FBA24F-5573-4889-80AC-80809FB9C425}.xpi [2014-05-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-09-11]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-07]
FF HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Google Docs) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Google Drive) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08]
CHR Extension: (YouTube) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-08]
CHR Extension: (Google Search) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-08]
CHR Extension: (Google Sheets) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Bookmark Manager) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]
CHR Extension: (Gmail) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044728 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [803632 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [448304 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [448304 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994608 2015-06-09] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-24] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-12-11] ()
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2011-05-09] (Google Inc)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-05-09] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-05-09] (Avira GmbH)
R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-29] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2010-05-10] (GEAR Software Inc.)
R3 HabuFltr; C:\Windows\System32\drivers\habu.sys [13824 2009-08-07] (Razer (Asia-Pacific) Pte Ltd)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [20392 2010-02-25] (JMicron )
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-08-07] (CACE Technologies)
S3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45160 2011-02-28] (RapidSolution Software AG)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-27] (Duplex Secure Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2009-08-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2009-08-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2009-08-11] (LG Electronics Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-28 13:50 - 2015-06-28 13:52 - 00032910 _____ C:\Users\Ryker\Desktop\FRST.txt
2015-06-28 13:50 - 2015-06-28 13:51 - 00000000 ____D C:\FRST
2015-06-28 13:50 - 2015-06-28 13:50 - 02112512 _____ (Farbar) C:\Users\Ryker\Desktop\FRST64.exe
2015-06-28 13:42 - 2015-06-28 13:42 - 00000020 _____ C:\Users\Ryker\defogger_reenable
2015-06-28 13:38 - 2015-06-28 13:38 - 00001674 _____ C:\Users\Ryker\Documents\AntiVir Ereignisse.txt
2015-06-13 09:57 - 2015-06-13 09:57 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-13 09:56 - 2015-06-28 13:02 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA.job
2015-06-13 09:56 - 2015-06-28 10:01 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core.job
2015-06-13 09:56 - 2015-06-13 09:56 - 00004198 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA
2015-06-13 09:56 - 2015-06-13 09:56 - 00003802 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core
2015-06-13 09:56 - 2015-06-13 09:56 - 00000000 ____D C:\Users\Ryker\AppData\Local\Dropbox
2015-06-13 09:56 - 2015-06-13 09:56 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-10 09:53 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:53 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:53 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:53 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:53 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:53 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:53 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:53 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:53 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:53 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:53 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:53 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:53 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:53 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:53 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:53 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:53 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:53 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:53 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:53 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:53 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:53 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:53 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:53 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:53 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:53 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:53 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:53 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:53 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:53 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:53 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:53 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:53 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:53 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:53 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:53 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:53 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:53 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:53 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:53 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:53 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:53 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:53 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:53 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:53 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:53 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:53 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:53 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:53 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:53 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:53 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:53 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:53 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:53 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:53 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:53 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:53 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:53 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:53 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:53 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-10 09:50 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-10 09:50 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-10 09:50 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-10 09:50 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-10 09:50 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-10 09:50 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-10 09:50 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-10 09:50 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-10 09:50 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-10 09:43 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:38 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:38 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:38 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:38 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:38 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:38 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:38 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:38 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:38 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:38 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:38 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:38 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:38 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:38 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:38 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:38 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:38 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:38 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 09:38 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 09:38 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 09:38 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:38 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:38 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:38 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:38 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:38 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:38 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:38 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:38 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:38 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:37 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:37 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:36 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:18 - 2015-06-10 09:18 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Shooter
2015-06-09 09:42 - 2015-06-09 09:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-07 09:12 - 2015-06-07 10:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-04 10:18 - 2015-06-04 10:18 - 00000000 ____D C:\Users\Ryker\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-28 13:48 - 2010-07-20 18:27 - 01784297 _____ C:\Windows\WindowsUpdate.log
2015-06-28 13:46 - 2013-12-07 11:20 - 00000000 ___RD C:\Users\Ryker\Dropbox
2015-06-28 13:46 - 2013-12-07 11:16 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Dropbox
2015-06-28 13:45 - 2014-01-07 19:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 13:44 - 2011-03-19 13:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-28 13:43 - 2015-01-11 15:43 - 00024611 _____ C:\Windows\setupact.log
2015-06-28 13:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 13:42 - 2013-04-14 11:22 - 00000000 ____D C:\Users\Ryker\Desktop\Zwischenspeicher
2015-06-28 13:42 - 2010-07-20 18:39 - 00000000 ____D C:\Users\Ryker
2015-06-28 13:39 - 2011-03-19 13:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-28 13:29 - 2010-11-16 22:32 - 00000000 ____D C:\Users\Ryker\Documents\Outlook-Dateien
2015-06-28 13:10 - 2011-01-21 09:28 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB3A12EE-EFDC-4723-8FC6-AC964CF19383}
2015-06-28 11:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-28 11:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-27 06:30 - 2010-07-26 18:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-26 10:19 - 2015-01-03 07:05 - 00021323 _____ C:\Users\Ryker\Desktop\Budget.xlsx
2015-06-25 11:44 - 2014-01-07 19:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 11:44 - 2012-04-10 08:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 11:44 - 2011-05-18 18:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 11:05 - 2012-12-04 20:03 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Origin
2015-06-24 11:05 - 2012-12-04 20:03 - 00000000 ____D C:\Users\Ryker\AppData\Local\Origin
2015-06-24 11:05 - 2010-12-28 11:51 - 00000000 ____D C:\ProgramData\Origin
2015-06-24 11:01 - 2012-12-04 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-06-24 11:01 - 2012-12-04 20:03 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-23 10:17 - 2014-12-24 10:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 07:44 - 2015-03-08 10:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 07:10 - 2009-07-14 19:58 - 00703192 _____ C:\Windows\system32\perfh007.dat
2015-06-19 07:10 - 2009-07-14 19:58 - 00150800 _____ C:\Windows\system32\perfc007.dat
2015-06-19 07:10 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 19:36 - 2015-02-22 07:05 - 00000000 ____D C:\Users\Ryker\Desktop\Couponing
2015-06-16 12:14 - 2014-08-20 16:33 - 00000000 ____D C:\Users\Ryker\AppData\Local\Adobe
2015-06-15 06:59 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-14 11:16 - 2015-02-18 06:53 - 00018796 _____ C:\Windows\PFRO.log
2015-06-10 11:59 - 2014-11-16 16:28 - 00000000 __SHD C:\Users\Ryker\AppData\Local\EmieBrowserModeList
2015-06-10 11:59 - 2014-04-11 10:52 - 00000000 __SHD C:\Users\Ryker\AppData\Local\EmieUserList
2015-06-10 11:59 - 2014-04-11 10:52 - 00000000 __SHD C:\Users\Ryker\AppData\Local\EmieSiteList
2015-06-10 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 10:28 - 2009-07-14 06:45 - 00412872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 10:24 - 2015-04-15 11:16 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 10:24 - 2014-05-09 21:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 10:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 10:14 - 2010-11-16 21:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 10:11 - 2010-11-16 22:21 - 01603628 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-10 10:07 - 2013-08-14 18:21 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 09:58 - 2010-07-20 19:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 09:57 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2015-06-10 09:12 - 2011-04-12 20:08 - 00000000 ____D C:\Users\Ryker\Documents\My Games
2015-06-09 09:28 - 2013-05-09 12:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 09:28 - 2013-05-09 12:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-08 19:30 - 2012-01-14 11:37 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\HpUpdate
2015-06-08 09:00 - 2014-01-07 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 20:00 - 2013-03-18 15:14 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AB33931C-FAAF-4FFB-8F35-79C2C828A480}

==================== Files in the root of some directories =======

2013-12-12 06:43 - 2013-12-12 06:43 - 49940480 _____ () C:\Program Files (x86)\GUT251D.tmp
2013-02-12 19:36 - 2013-02-12 19:33 - 2529792 _____ () C:\Program Files (x86)\Joe.msi
2013-10-18 12:39 - 2013-10-18 12:39 - 0000037 ___SH () C:\Users\Ryker\AppData\Local\70149b02515b3bb20dd492.47983420
2012-09-12 21:57 - 2012-09-12 21:57 - 0007597 _____ () C:\Users\Ryker\AppData\Local\Resmon.ResmonCfg
2009-06-16 14:25 - 2009-06-16 14:25 - 0121512 ____R () C:\ProgramData\DeviceManager.xml.rc4
2011-08-08 18:26 - 2011-06-09 18:26 - 0000032 ____R () C:\ProgramData\hash.dat
2010-07-21 19:37 - 2013-05-12 12:00 - 0005034 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
C:\Users\Dani\AppData\Local\Temp\avgnt.exe
C:\Users\Dani\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Dani\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Dani\AppData\Local\Temp\rshvtiv_.dll
C:\Users\Ryker\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Ryker\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\Ryker\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Ryker\AppData\Local\Temp\avgnt.exe
C:\Users\Ryker\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfadayx.dll
C:\Users\Ryker\AppData\Local\Temp\Quarantine.exe
C:\Users\Ryker\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ryker\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 08:02

==================== End of log ============================

Ryker · 28.06.2015, 14:02

Addition.txt

Code:

ATTFilter

Additional
FRST Logfile:

	Code: 

 ATTFilter

  
	scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015
Ran by Ryker at 2015-06-28 13:53:00
Running from C:\Users\Ryker\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-960941955-715801640-531254083-500 - Administrator - Disabled)
Dani (S-1-5-21-960941955-715801640-531254083-1001 - Administrator - Enabled) => C:\Users\Dani
Gast (S-1-5-21-960941955-715801640-531254083-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-960941955-715801640-531254083-1007 - Limited - Enabled)
Ryker (S-1-5-21-960941955-715801640-531254083-1000 - Administrator - Enabled) => C:\Users\Ryker

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998798030.48.56.6032618 - Audible, Inc.)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.11.378 - Avira Operations GmbH & Co. KG)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version:  - )
Box Sync (64 bit) (HKLM\...\{B6E694C7-23C3-4A84-B2F6-BDBFAF5C85A4}) (Version: 3.4.20.0 - Box, Inc)
BrainBread v1.2 (HKLM-x32\...\BrainBread_is1) (Version: 1.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Dystopia (HKLM-x32\...\Steam App 17580) (Version:  - Team Dystopia)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Eternal Silence (HKLM-x32\...\Steam App 17550) (Version:  - ES Team)
F300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Realms Installer (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Free Realms Installer) (Version: 1.0.3.118 - Sony Online Entertainment)
GameXN GO (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Game Organizer) (Version:  - EasyBits Media)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox)
HomePlug-Konfigurationsassistent (HKLM-x32\...\dlanconftiny) (Version: 4.0.0.0 - HomePlug)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ 7.6 Build #5620 Banner Remover 1.0 (HKLM-x32\...\{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1) (Version:  - murb.com)
ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Insurgency (HKLM-x32\...\Steam App 17700) (Version:  - Team Insurgency)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Iron Grip: Marauders (HKLM-x32\...\Steam App 31740) (Version:  - )
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.06.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.31.3 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG MC USB Modem driver (HKLM-x32\...\{6059C682-4C5F-4106-8487-943E98225D3B}) (Version: 1.0.0.0000 - LG Electronics)
LG PC Suite II (HKLM-x32\...\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}) (Version: 2.00.0000 - LG PC Suite)
LG PC Suite II (x32 Version: 2.00.0000 - LG PC Suite) Hidden
LG USB Modem Driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.5.1 - LG Electronics)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
maxdome Download Manager 4.1.300.78 (HKLM-x32\...\{E948B551-08DB-4163-8995-8C43B03D1B19}) (Version: 4.1.30078 - Prosieben)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)
MyFreeCodec (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\MyFreeCodec) (Version:  - )
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NoAds (HKLM-x32\...\NoAds) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Overwatch Mod 1.3.5 (HKLM-x32\...\Overwatch Mod) (Version: 1.3.5 - redMatter)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.1 - )
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 3.2.1667 (1667) - Koninklijke Philips Electronics N.V.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
Ricochet (HKLM-x32\...\Steam App 60) (Version:  - Valve)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shutdown Timer (HKLM\...\{DC6B4110-394D-45B9-A677-BA495D84CA63}) (Version: 3.1 - Sinvise Systems)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.11.201309191111 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.10 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.08.82 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.34.161 - Akademische Arbeitsgemeinschaft)
Supreme Commander - Forged Alliance (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\{31D95937-B237-405D-920C-A3EF4E482395}) (Version: 1.00.0000 - Gas Powered Games)
Supreme Commander (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}) (Version: 1.00.0000 - Gas Powered Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.209.1204.OE006.01 - Micro-Star International Co., Ltd.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
Unity Web Player (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Windows Driver Package - Acer, Inc (androidusb) USB  (03/06/2012 1.0.0010.00000) (HKLM\...\C19278C6DB5D44F2EAC8AFBCCA7FD6CFDBF4884C) (Version: 03/06/2012 1.0.0010.00000 - Acer, Inc)
Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0) (HKLM\...\B24074592222CFC1B8ABF520F9089E49FB1763D7) (Version: 05/27/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Linux Developer Community Net  (03/06/2012 5.1.2600.2781) (HKLM\...\EBFE4DBC36C8B8E2F5F080132B0C197C1915C0DB) (Version: 03/06/2012 5.1.2600.2781 - Linux Developer Community)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version:  - )
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic! Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-06-2015 09:58:53 Geplanter Prüfpunkt
26-06-2015 12:58:22 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2011-05-19 19:53 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11A3533C-544F-4765-A600-9022F3BBF77C} - System32\Tasks\{5EAAAC72-8C38-4B47-93E5-60BDF175234F} => C:\Program Files (x86)\Tools&More\Joe\Joe.exe
Task: {158A77CD-8F10-41AE-B3BC-561A35EF45AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {2569591B-2E6B-4FC2-BC03-144588AC4709} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {3E84D167-85E0-406D-89F1-49FD3E80F197} - System32\Tasks\{09D4BC09-C241-44FE-ADE2-818E990CD9F5} => pcalua.exe -a "C:\Users\Ryker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHJZPAM4\ICQ_7.4_Build__4629_Banner_Remover_1.0_Setup[1].exe" -d C:\Users\Ryker\Desktop
Task: {5D5E9070-4446-4C5A-9987-375A6D0409F8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {6788AE94-53C5-459D-BDCC-ABA7E8EBE56A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {688CBF8C-C1A5-41D6-B9DD-B6C4C46D6B8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {8BDC7A15-3ADF-4555-B6DA-1233065EE312} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {99A5983E-18A6-468F-82DE-894969B8E7A1} - System32\Tasks\{765E7C2C-E5EF-4C20-9D54-A686FDF59639} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.169.405/de/abandoninstall?source=lightinstaller&amp;page=tsGoogle&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {A9557707-901C-4FA3-A8A2-5977CFE1F528} - System32\Tasks\{502C5963-98BE-487A-BF29-7F8E57E9BEAB} => pcalua.exe -a "E:\DRIVER\[11] Bluetooth\BTW_ver.6.2.1.800\Setup.exe" -d "E:\DRIVER\[11] Bluetooth\BTW_ver.6.2.1.800"
Task: {DD8A5148-5934-4B06-990C-A7633BDBC693} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {DF07D031-8199-4198-A154-CBC9AB3355AE} - System32\Tasks\{3207A0DF-B74F-492A-8EB7-4DC8FE162B9C} => pcalua.exe -a "C:\Users\Ryker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHDETGGJ\jre-6u22-windows-i586-iftw-rv[1].exe" -d C:\Users\Ryker\Desktop
Task: {E6EE3E76-857D-4942-8E1B-01751DD5449D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {F3C22DAD-253B-4060-9868-1137D1653C2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core.job => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA.job => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-04 19:17 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2011-01-11 21:18 - 2011-12-11 16:43 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-10-02 19:39 - 2009-10-02 19:39 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-12 18:52 - 2014-09-12 18:52 - 00537600 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\Python.Runtime\3b455cc6d4bf80f8d8f71d1cb57fa844\Python.Runtime.ni.dll
2013-01-03 18:12 - 2013-01-03 18:12 - 00471552 _____ () C:\Program Files\Box Sync\_hashlib.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00046080 _____ () C:\Program Files\Box Sync\_socket.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 01167360 _____ () C:\Program Files\Box Sync\_ssl.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00689664 _____ () C:\Program Files\Box Sync\unicodedata.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00166912 _____ () C:\Program Files\Box Sync\_elementtree.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00164352 _____ () C:\Program Files\Box Sync\pyexpat.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00111616 _____ () C:\Program Files\Box Sync\_ctypes.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00127488 _____ () C:\Program Files\Box Sync\win32api.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00136704 _____ () C:\Program Files\Box Sync\pywintypes27.dll
2013-01-03 18:12 - 2013-01-03 18:12 - 00058368 _____ () C:\Program Files\Box Sync\_sqlite3.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00535040 _____ () C:\Program Files\Box Sync\sqlite3.dll
2013-01-03 18:12 - 2013-01-03 18:12 - 00037888 _____ () C:\Program Files\Box Sync\_testcapi.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00135168 _____ () C:\Program Files\Box Sync\win32security.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00007168 _____ () C:\Program Files\Box Sync\_win32sysloader.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00138752 _____ () C:\Program Files\Box Sync\win32file.pyd
2009-05-01 18:58 - 2009-05-01 18:58 - 01057512 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00627944 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00514352 _____ () C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00517352 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoXML.dll
2010-10-10 11:20 - 2010-10-10 11:20 - 00057344 _____ () C:\Program Files (x86)\NoAds\NoAds.dll
2015-06-28 13:45 - 2015-06-28 13:45 - 00043008 _____ () c:\users\ryker\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfadayx.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:76650B61

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-960941955-715801640-531254083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GameXN (news) => "C:\ProgramData\GameXN\GameXNGO.exe" /n
MSCONFIG\startupreg: GameXN (update) => "C:\ProgramData\GameXN\GameXNGO.exe" /u
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3150E58D-395C-4190-B694-91A8AA7BF036}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2ED2DCF7-198A-4659-9AE9-3FF1391A70E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1CBC3238-B8B0-4C30-BB2B-09386471B100}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{04F3D656-B6E4-46CA-9C95-61780103AA40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{63165656-A291-45AC-B0DE-DC79678B564E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{BFB8994C-9D80-4D3F-95A4-722AED35F903}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{9A019391-30A0-4EE0-BFD1-8502FF1538AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AD7D349A-7C8F-444C-A36D-DB7A0FB9DBE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{032BC0C5-4465-4B9C-A033-CAE5D2E6FD4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{CC01C849-DD4E-40F2-B60D-68B0FB87ED75}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D7F2F4FD-B017-4156-B01B-9A4A4552876A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{51BE2A90-3750-41E2-8961-7C40BDD30C50}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F3343690-0D2C-4A74-BB6C-BFC233DB3D5A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{078CD23D-5684-4B22-916F-9E04BDF431A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{53EDEC70-F245-4F5E-AFE4-945B4056CF28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{4F1D79F2-2139-4A4C-BC46-7F4B38599E8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{73CB268A-56BC-4B9D-B29D-03A10965EEF0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{EE87D9E1-2778-4CDC-B207-9885EA366102}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{BF55ACFF-C394-48B7-A176-7FA9CA2B60B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{96DC050B-AF9E-4E72-A5F1-31354BA6BDBB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{A2EF00BC-FDA1-451E-BED7-23A92B288666}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{262572D4-2A32-4E84-BD7A-F0A4FDC3B397}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{E9175620-A66A-4043-B2EF-BC0C7CD6A36C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C45A8E54-C043-4071-B723-3768B6582464}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{027A2A1A-D752-4D17-8A0D-6E3DA529289B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7DA5D4E-2B8F-47D2-9592-C0A3B67CEB37}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1EA37EC8-AEE9-435A-A285-549E73384A7F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0115CC7B-E7C1-4EB6-8582-933E9D66D84E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B126104F-56E5-462A-B4BF-3BD1368FD260}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7B836851-C6B2-48B5-AC29-9ADA10D8CC88}] => (Allow) LPort=2869
FirewallRules: [{B3D4DF08-82F7-45CA-AA07-809B57374E27}] => (Allow) LPort=1900
FirewallRules: [{1557B7F3-9481-41D5-B2D9-57FE1337015D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A1FC333C-AF90-48B0-A38D-D624BD78CA8B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E28EFEE0-4119-4077-8FF3-7D2768E61643}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8261168C-04C9-4F39-9FBB-D00A6571AB1C}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{06EF0E67-C665-4B02-80FF-E67E396E92A4}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{9E8F1368-C5D0-4FF1-8126-8FEE4B9C17A6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B87CDDAF-B732-40E7-AE01-67E9C5F89595}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{385CA366-37B9-457D-A4D7-C5817DC888D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{0858E787-85D0-4391-A74A-E3D125F22655}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DCDCE746-636F-4C06-9DA3-B1BC42BE7B03}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBE50F9A-32BD-4DD2-BF4F-31A3AAD4066A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{B59EA489-55E5-41E2-BA52-2CCFEB430FC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{E0F42141-A4E9-4E30-9DF1-E88E99C38223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{B82D0B19-4F2A-484C-8BEC-A8A51B708D68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{2CC670A1-FE7D-454A-986E-35AF83F77B99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\opposing force\hl.exe
FirewallRules: [{D596197E-C175-407E-81D4-63054D0C7D21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\opposing force\hl.exe
FirewallRules: [{4FF6FD5E-9A65-4D9B-9E42-AD9AD268C429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{4457E2EE-D114-455B-882F-597EB36912A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{96128C9E-D04C-4EB4-AC64-8E0107299747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\dystopia\hl2.exe
FirewallRules: [{0C04A4DE-4985-48C9-A063-347C8135DDB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\dystopia\hl2.exe
FirewallRules: [{997FCD40-DB70-44BA-8A9B-2CF6B11966AD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3B6977C1-F386-43D8-AD5A-275122D606C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F7BBEA4D-87BA-46F0-812D-1DD3B3313534}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0D01B419-310A-472F-911A-059B3351C288}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D24FF0CA-B6DB-47D8-BFE2-B51A439B3465}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{092B3084-266C-4CDA-AEA1-1C76F4397521}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8D89479A-7595-4AF7-9FB4-9BD6DD2E3DD9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B431837-3FFC-41CD-9853-1947BA8FA106}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{99329926-A6DC-4206-898B-C70DBEE6FB8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1C20A7E6-3BB0-4CB4-9537-84D4F0BD1F07}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CDB807BB-34BF-4618-9C39-8F57BAB53E33}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE867560-FEE5-407E-A3BA-731FC48F44CC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91C80D6D-1A6E-43BB-BF98-40C3DF674F48}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{676655FF-48E1-4B89-B7E4-8CA4F5D2EB78}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{011787E7-E7A8-44EF-BB46-65EDDE911A47}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{702C2D34-B3F9-4456-8199-8805A613F1B7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6CEEB9BF-DF7B-4ECC-8B8A-2C230B914558}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6081A82F-58E0-4454-972F-E96DD7074F06}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{35591AB7-A104-4A6C-A1DF-4E356C6260F2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9907D2E8-F968-4DB7-BC95-4D1DFCCDA7E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B491FDB7-1000-44CB-A65D-AA92064BE93B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CFA75D3F-B5B2-4767-A1FB-AD517ED05822}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{44E6026E-FBB0-4A55-BDEE-FB827C424BD6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{906F1627-0AB7-4F6D-AEB8-6AC574D8692F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0A5AF72-4AB6-4B27-8022-26BAD51263FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBA29EB7-CBC5-4586-9CCE-90F4A34901F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4418911B-775A-44AF-A79E-DFF75510CB70}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{575CAB96-267B-4E3F-99C9-5192C0D58101}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F302C38E-4A19-4BAF-80F9-ACF409C8D7DB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7C4830E4-4B92-4C89-BF53-C9E45015E5CA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D482551-6CD2-4DDC-8C32-CD72874202BB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{08F123E8-C0B8-4189-B444-9E31795FE376}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B45F9E8-DD2A-4B20-98C4-D686CDDEBD7A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B0C13B5B-1C4F-4680-8E10-B7BD95DF6D49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6A114205-1DA2-4584-97DC-85D70BE69ECC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6990C142-7A64-48D1-8A32-8CDE6AC9ABBF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D40B941C-8131-4E29-90B4-E5470F2319E2}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{8236781C-7900-443D-9BAE-0588B1BC5C42}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{CD4E61C7-160C-40E2-BBCA-71E13BD83535}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{57E5375F-39F6-4C61-9026-B40D4F66CDF5}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{6FC63D06-90F2-445F-91F4-89CB90DA8893}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{86D03045-484A-4156-849D-051355389ED7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{253032AC-8787-45B4-AD43-AB5B0F21571F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0CD631C0-4712-44C3-9836-6E5716F4EB5F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{57B9A007-CFBD-4432-8C7E-0A49D73E284E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BC278292-B073-4EC5-AB06-743AC3C9B153}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{25981535-E2D3-4A7D-84D8-D88669B3F825}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6AD7EF68-EC93-4021-A9A9-65659FCA117D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{B3161CB8-5D60-49AA-9731-CDABDD2BD556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{989915C0-26CC-4E1A-B524-6A21FAF82519}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{F5B731E5-17DC-4AB2-BA7E-B106AE93D77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{4FC2EDE8-419C-4204-BE14-CDA8C2B60815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
FirewallRules: [{E5A01125-0F8F-4308-AF83-C57453E14732}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
FirewallRules: [{FFAA876F-C49F-43DA-9462-6BCC5B9D8202}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe
FirewallRules: [{5DFB95D9-3DF5-40FF-A98F-30FC7D2D4042}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe
FirewallRules: [{C73913D7-1546-4608-A954-3C9748B386DD}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
FirewallRules: [{1E65CC8C-03BB-432F-8A08-08EEA488C013}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
FirewallRules: [{D16BC3EA-378D-4E63-9F06-DC907394332D}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe
FirewallRules: [{92227C8E-D7CE-4AF9-B0BA-6E2EB43CDA08}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe
FirewallRules: [{888DFC8B-5FC2-46F4-9DAD-5E71FD7F4362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iron grip marauders\prism.exe
FirewallRules: [{CBA6AAFD-EB9C-4043-A3BE-EA324796D5CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iron grip marauders\prism.exe
FirewallRules: [{3DD94CB5-04F9-4966-86E2-DD5F18F30BF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{009A5A96-D243-4481-9BD3-C61189F2422B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7958412D-ED67-4741-BF6A-0AADD96295C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DB2CAF31-7CFA-4580-A6E7-A0AB00D1E91F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A51A7DE6-5010-4D9C-B8B8-5E8F81467938}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C3DB5050-EE51-4E9E-9E3F-7AF8342267ED}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{910CAFA8-900C-45AE-85DD-C52EB9A1B1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\ricochet\hl.exe
FirewallRules: [{13C1D3E4-6A06-402A-BEDC-F0C783A1EC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\ricochet\hl.exe
FirewallRules: [{FE0CCA83-C513-4671-BBDB-91DE5F81AE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{5566D577-A81A-4ECD-8F92-9288375FB467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{04D79086-9F04-47B0-838C-23F09E38CEDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{A49332FE-5C84-4629-98D9-4E0E2114AC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{FD6B8F7E-23F2-494A-AA1A-6B1B7EB0E99A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{E7A988CD-F11B-498B-A4C3-2D233877C0B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{4671F96A-FC9A-449D-9894-74A8D766CA61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\counter-strike\hl.exe
FirewallRules: [{28B64742-ECB6-48A8-9D04-AB19F1E46DE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\counter-strike\hl.exe
FirewallRules: [{CB4EF122-FD91-4EF3-AF84-E7B1907F2CAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\counter-strike\hl.exe
FirewallRules: [{FB77EDD8-8B84-401B-BE78-CD8819BE9001}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\counter-strike\hl.exe
FirewallRules: [{CE51982A-B90E-4E8C-B541-EE10A7AB5C08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2EC6CED9-3504-4B9C-A5A8-730D412BBE04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1A72D36C-9B15-4738-A555-BB73135750BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{9815933A-0425-4AFC-937B-393BB1B64550}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{62DEABDE-D876-4C9F-93E3-81FF03902934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{41E356BF-67DA-46E8-97AD-2990397FEE44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{394D3182-A0B7-4E68-A165-EE4BE5A7316F}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield 1942\BF1942.exe
FirewallRules: [{B4ADAA3D-019A-46A4-A7E9-27CAE408FB69}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield 1942\BF1942.exe
FirewallRules: [{3BD553FC-FF2D-441C-8EE5-B44C95835C3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{1EA0FFCC-0486-4E3E-A456-E470A7E2C19F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{20A1B2C0-8C1C-46E5-ADAE-2FAF7B786244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{3A81907E-D117-46F3-BCDC-AC14B2D2D158}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{E55235EC-A9DF-49DA-BD90-B4BBAF543374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\opposing force\hl.exe
FirewallRules: [{0A8E59EC-DF8F-41D2-9C11-2ED9552DAD4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\opposing force\hl.exe
FirewallRules: [{D7A53E00-212C-490B-94B5-FD087C6C2AFB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3C6DFD28-8BA4-4D9B-9615-6E6E0B0C2089}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4615C8B8-C314-42F5-90AC-4F0EC15F9A52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{5AF07BE5-43CB-4B64-8D8F-2635699154BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{6293F692-4213-499E-98F2-314D5BB333C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{ED49FD72-C9AD-4120-B896-C3D11E626710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DAF0C873-0442-40C3-B315-5C98BFCD325B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{D70604B5-411F-482F-A9BE-A89BC9577DF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{9E52189B-C0AA-4C7C-9A63-65E75659D755}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{592DFCF8-2246-4828-AC6B-0085DC73A8D1}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{4CEE6DD9-3AEC-455B-B3A4-BDCE4306EDBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FB6F3DD6-76FA-49BB-82F2-A72CA921AB67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C69C6201-B31A-4782-AB21-6E46C302E9D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{67EA05BF-BE03-4738-9D59-224A64684AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{17381765-A10D-48F7-9CA6-A6B7A56BB5A5}] => (Allow) C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4B869516-021C-4C15-8C52-0A205093C9E0}] => (Allow) C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9BA9729B-50F9-4298-B4C8-06B8B8F6A65A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F9A6A7F-E0B4-4ADB-A67D-DCCBD6E3C5DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB3737C4-5D00-48F5-9E10-04261E9A66B4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6655014-B76F-4075-9988-D8BB58EDF3C3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B0996401-9267-4E86-8788-0B2D6CF74F70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{BC4328B0-AC16-44A4-B888-8B74BF12D25C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{528A56F6-76AD-42FA-BA9E-4FAE48350A27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{1C47D830-02BC-482C-A82F-6A6D10D9EFCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{90B32C47-161B-430D-B7A2-FC003048C740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{91C116EA-AF90-46D1-8698-F6AE09CA30A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{D9CE1969-856F-4C3B-BD77-7E7870789E92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{182F3F38-B177-4269-ABD1-A9222326FF24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1572F4ED-B99B-4B64-A127-66142792519C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{45EA6CCB-8930-4E7A-BD5C-25EACEBEA941}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{893594D2-90D1-4E9F-A745-B769E3F70831}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AA8D3D86-1DC1-45DB-81E8-E9900A6F1B9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{937B221F-9106-4155-B3CC-869636747D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2015 01:45:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard (1880) GaviDB_1: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -501 auf.

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_1: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_1: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_1: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard (1880) GaviDB_0: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -501 auf.

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_0: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_0: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_0: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.

Error: (06/28/2015 01:19:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


System errors:
=============
Error: (06/28/2015 01:46:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Network Devices Support" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/28/2015 01:46:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Network Devices Support erreicht.

Error: (06/28/2015 01:46:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053HPSLPSVC{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (06/28/2015 01:44:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/28/2015 01:44:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (06/28/2015 01:43:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/27/2015 08:50:48 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/27/2015 08:50:45 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/27/2015 06:20:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/27/2015 06:20:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (06/28/2015 01:45:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard1880GaviDB_1: -501

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_1: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_1: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)

Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_1: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard1880GaviDB_0: -501

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)

Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)

Error: (06/28/2015 01:19:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestc:\program files\CCleaner\CCleaner.exe


CodeIntegrity Errors:
===================================
  Date: 2013-03-16 13:28:18.316
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:18.260
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:16.026
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:15.965
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:13.818
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:13.760
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:11.223
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:11.154
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:08.828
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-16 13:28:08.752
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 41%
Total physical RAM: 4078.06 MB
Available physical RAM: 2373.19 MB
Total Pagefile: 8154.32 MB
Available Pagefile: 5936.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:424.66 GB) (Free:155.66 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:33.47 GB) NTFS
Drive f: (Mobil) (Fixed) (Total:465.76 GB) (Free:72.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
 --- --- ---

Gmer

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-28 14:35:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Ryker\AppData\Local\Temp\kwdiqpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                    0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                      0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                    0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                    000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                       00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                       000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                      000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                           0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                    000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                      0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                         000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                      00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                    00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                                                                                          00000000730617fa 2 bytes CALL 767111a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                                                                                      0000000073061860 2 bytes CALL 767111a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                                                                                    0000000073061942 2 bytes JMP 77247089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                                                                                   000000007306194d 2 bytes JMP 7724cba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                          0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                            0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                          0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                          000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                             00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                      00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                             000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                      0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                            000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                 0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                          000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                            0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                               000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                            00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                          00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                      00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                      00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                  0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                   00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                            00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                   000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                            0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                  000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                       0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                  0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                     000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                  00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                            00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                            00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                                                                                      0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                                                                                        0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                                                                                      0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                                                                                      000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                       * 9
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                                                                                         00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                                                  00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                                                                                         000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                                                  0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                                                                                        000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                                                                                             0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                                                                                      000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                                                                                        0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                                                                                           000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                                                                                        00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                                                                                      00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                                                                                  00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                                                                                  00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                  0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                    0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                  0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                  000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                     00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                              00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                     000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                              0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                    000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                         0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                  000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                    0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                       000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                    00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                  00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                              00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                              00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\KERNEL32.dll
---- Processes - GMER 2.1 ----

Library  c:\users\ryker\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfadayx.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-06-28 11:45:26)                                       0000000003bb0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24)           000000006bae0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004a900000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30)                                                         0000000005eb0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004ad00000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)        000000006b6a0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            000000006b3b0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30)                                                                                        000000006b2f0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        000000006af40000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         0000000069f40000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)          0000000069d20000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000069ac0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000069a90000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30)                                                                                           0000000069a80000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)  0000000069a50000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         0000000069a10000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)   00000000699c0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30)                                                                       00000000695d0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30)                                                                       00000000693c0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30)                                                                         0000000069410000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30)                                                           0000000068df0000
Library  C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30)                                                                    0000000068d80000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a                                                                                                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a@002566683693                                                                                                                                                                  0x5C 0xEA 0x2C 0x35 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a@00023c260efc                                                                                                                                                                  0x29 0x0F 0x18 0x70 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a@8425dbe239f8                                                                                                                                                                  0xA7 0x65 0x0B 0xB6 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                       C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                       0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                       0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                    0xD8 0xFD 0x52 0xC3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                              0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                           0xC9 0xE1 0x58 0x8B ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                      0x1D 0x54 0x23 0xC3 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a (not active ControlSet)                                                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a@002566683693                                                                                                                                                                      0x5C 0xEA 0x2C 0x35 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a@00023c260efc                                                                                                                                                                      0x29 0x0F 0x18 0x70 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a@8425dbe239f8                                                                                                                                                                      0xA7 0x65 0x0B 0xB6 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                           C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                           0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                           0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                        0xD8 0xFD 0x52 0xC3 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                                  0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                               0xC9 0xE1 0x58 0x8B ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                                                        
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                          0x1D 0x54 0x23 0xC3 ...

---- EOF - GMER 2.1 ----

deeprybka · 29.06.2015, 09:01

An wen gingen denn die Bestellungen? Lieferadresse usw.?

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1
Echtzeitschutz des Virenscanners abschalten.

Schritt 2

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ryker · 29.06.2015, 11:19

Hallo Jürgen, ich bin Jannes.

Es wurde ironischerweise 2x Kaspersky gekauft, also nix mit Lieferadresse, die haben die Codes abgegriffen.

Code:

ATTFilter

ComboFix 15-06-27.01 - Ryker 29.06.2015  11:29:10.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.2236 [GMT 2:00]
ausgeführt von:: c:\users\Ryker\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\3D20.tmp
C:\4EDF.tmp
C:\52C9.tmp
C:\5CAA.tmp
C:\C6DB.tmp
C:\E9B9.tmp
c:\users\Dani\AppData\Local\.#
c:\users\Dani\AppData\Local\.#\MBX@1018@1C1D10.###
c:\users\Dani\AppData\Local\.#\MBX@1018@1C1D20.###
c:\users\Dani\AppData\Local\.#\MBX@150C@731D10.###
c:\users\Dani\AppData\Local\.#\MBX@150C@731D20.###
c:\users\Ryker\AppData\Local\.#
c:\users\Ryker\AppData\Local\.#\MBX@1074@1ED1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1074@1ED1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@10C4@2051D10.###
c:\users\Ryker\AppData\Local\.#\MBX@10C4@2051D20.###
c:\users\Ryker\AppData\Local\.#\MBX@10CC@251D10.###
c:\users\Ryker\AppData\Local\.#\MBX@10CC@251D20.###
c:\users\Ryker\AppData\Local\.#\MBX@10F4@271D10.###
c:\users\Ryker\AppData\Local\.#\MBX@10F4@271D20.###
c:\users\Ryker\AppData\Local\.#\MBX@111C@3D1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@111C@3D1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@11C0@881D10.###
c:\users\Ryker\AppData\Local\.#\MBX@11C0@881D20.###
c:\users\Ryker\AppData\Local\.#\MBX@11F8@241D10.###
c:\users\Ryker\AppData\Local\.#\MBX@11F8@241D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1200@1F81D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1200@1F81D20.###
c:\users\Ryker\AppData\Local\.#\MBX@122C@1F81D10.###
c:\users\Ryker\AppData\Local\.#\MBX@122C@1F81D20.###
c:\users\Ryker\AppData\Local\.#\MBX@12C8@1EE1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@12C8@1EE1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@12CC@2331D10.###
c:\users\Ryker\AppData\Local\.#\MBX@12CC@2331D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1308@1E1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1308@1E1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@133C@3E1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@133C@3E1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1344@281D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1344@281D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1344@6E1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1344@6E1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1388@1F61D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1388@1F61D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1390@251D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1390@251D20.###
c:\users\Ryker\AppData\Local\.#\MBX@13A0@1FE1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@13A0@1FE1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@13B4@2081D10.###
c:\users\Ryker\AppData\Local\.#\MBX@13B4@2081D20.###
c:\users\Ryker\AppData\Local\.#\MBX@14D8@1F81D10.###
c:\users\Ryker\AppData\Local\.#\MBX@14D8@1F81D20.###
c:\users\Ryker\AppData\Local\.#\MBX@14E0@341D10.###
c:\users\Ryker\AppData\Local\.#\MBX@14E0@341D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1504@2051D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1504@2051D20.###
c:\users\Ryker\AppData\Local\.#\MBX@156C@3F1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@156C@3F1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@158C@341D10.###
c:\users\Ryker\AppData\Local\.#\MBX@158C@341D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1628@1FE1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1628@1FE1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@166C@641D10.###
c:\users\Ryker\AppData\Local\.#\MBX@166C@641D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1698@661D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1698@661D20.###
c:\users\Ryker\AppData\Local\.#\MBX@16A0@391D10.###
c:\users\Ryker\AppData\Local\.#\MBX@16A0@391D20.###
c:\users\Ryker\AppData\Local\.#\MBX@16D8@1E81D10.###
c:\users\Ryker\AppData\Local\.#\MBX@16D8@1E81D20.###
c:\users\Ryker\AppData\Local\.#\MBX@16E4@651D10.###
c:\users\Ryker\AppData\Local\.#\MBX@16E4@651D20.###
c:\users\Ryker\AppData\Local\.#\MBX@17B0@1FC1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@17B0@1FC1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@17D4@391D10.###
c:\users\Ryker\AppData\Local\.#\MBX@17D4@391D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1814@241D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1814@241D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1820@6C1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1820@6C1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1870@381D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1870@381D20.###
c:\users\Ryker\AppData\Local\.#\MBX@188C@21A1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@188C@21A1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@195C@2091D10.###
c:\users\Ryker\AppData\Local\.#\MBX@195C@2091D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1AE4@2071D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1AE4@2071D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1B00@1FC1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1B00@1FC1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1B1C@6F1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1B1C@6F1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1B3C@2211D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1B3C@2211D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1B60@281D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1B60@281D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1B74@281D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1B74@281D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1C38@1F31D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1C38@1F31D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1D54@6E1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1D54@6E1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@1EB8@231D10.###
c:\users\Ryker\AppData\Local\.#\MBX@1EB8@231D20.###
c:\users\Ryker\AppData\Local\.#\MBX@2FC@2A1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@2FC@2A1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@3F0@2101D10.###
c:\users\Ryker\AppData\Local\.#\MBX@3F0@2101D20.###
c:\users\Ryker\AppData\Local\.#\MBX@428@251D10.###
c:\users\Ryker\AppData\Local\.#\MBX@428@251D20.###
c:\users\Ryker\AppData\Local\.#\MBX@428@681D10.###
c:\users\Ryker\AppData\Local\.#\MBX@428@681D20.###
c:\users\Ryker\AppData\Local\.#\MBX@430@3F1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@430@3F1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@440@20E1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@440@20E1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@468@271D10.###
c:\users\Ryker\AppData\Local\.#\MBX@468@271D20.###
c:\users\Ryker\AppData\Local\.#\MBX@64C@2061D10.###
c:\users\Ryker\AppData\Local\.#\MBX@64C@2061D20.###
c:\users\Ryker\AppData\Local\.#\MBX@65C@1DE1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@65C@1DE1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@7B8@3D1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@7B8@3D1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@99C@2161D10.###
c:\users\Ryker\AppData\Local\.#\MBX@99C@2161D20.###
c:\users\Ryker\AppData\Local\.#\MBX@A1C@231D10.###
c:\users\Ryker\AppData\Local\.#\MBX@A1C@231D20.###
c:\users\Ryker\AppData\Local\.#\MBX@BDC@21C1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@BDC@21C1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@C04@20D1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@C04@20D1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@C30@20E1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@C30@20E1D20.###
c:\users\Ryker\AppData\Local\.#\MBX@CF0@2111D10.###
c:\users\Ryker\AppData\Local\.#\MBX@CF0@2111D20.###
c:\users\Ryker\AppData\Local\.#\MBX@D10@821D10.###
c:\users\Ryker\AppData\Local\.#\MBX@D10@821D20.###
c:\users\Ryker\AppData\Local\.#\MBX@E48@661D10.###
c:\users\Ryker\AppData\Local\.#\MBX@E48@661D20.###
c:\users\Ryker\AppData\Local\.#\MBX@E74@2031D10.###
c:\users\Ryker\AppData\Local\.#\MBX@E74@2031D20.###
c:\users\Ryker\AppData\Local\.#\MBX@F7C@20E1D10.###
c:\users\Ryker\AppData\Local\.#\MBX@F7C@20E1D20.###
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-28 bis 2015-06-29  ))))))))))))))))))))))))))))))
.
.
2015-06-29 09:48 . 2015-06-29 09:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-29 09:48 . 2015-06-29 09:48	--------	d-----w-	c:\users\Dani\AppData\Local\temp
2015-06-28 11:50 . 2015-06-28 11:53	--------	d-----w-	C:\FRST
2015-06-13 07:56 . 2015-06-13 07:56	--------	d-----w-	c:\users\Ryker\AppData\Local\Dropbox
2015-06-13 07:56 . 2015-06-13 07:56	--------	d-----w-	c:\programdata\Dropbox
2015-06-10 07:50 . 2015-05-09 03:27	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-06-10 07:43 . 2015-05-25 17:08	3206144	----a-w-	c:\windows\system32\win32k.sys
2015-06-10 07:37 . 2015-04-24 18:17	633856	----a-w-	c:\windows\system32\comctl32.dll
2015-06-10 07:37 . 2015-04-24 17:56	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2015-06-10 07:36 . 2015-04-11 03:19	69888	----a-w-	c:\windows\system32\drivers\stream.sys
2015-06-10 07:18 . 2015-06-10 07:18	--------	d-----w-	c:\users\Ryker\AppData\Roaming\Shooter
2015-06-09 07:42 . 2015-06-09 07:42	--------	d-----w-	c:\program files\Common Files\AV
2015-06-04 08:18 . 2015-06-04 08:18	--------	d-----w-	c:\users\Ryker\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-25 09:44 . 2012-04-10 06:30	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-25 09:44 . 2011-05-18 16:52	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-10 07:58 . 2010-07-20 17:37	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-06-09 07:28 . 2013-05-09 10:48	153256	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-06-09 07:28 . 2013-05-09 10:48	132656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-05-25 18:01 . 2015-06-10 07:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-13 10:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 10:17	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 09:13	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 09:13	1179136	----a-w-	c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 09:13	1250816	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 09:16	460800	----a-w-	c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 09:16	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-04-14 01:38 . 2015-04-14 01:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-04-13 03:28 . 2015-05-13 09:15	328704	----a-w-	c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 09:13	275456	----a-w-	c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 09:13	24576	----a-w-	c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 09:13	216064	----a-w-	c:\windows\SysWow64\InkEd.dll
2013-12-12 04:43 . 2013-12-12 04:43	49940480	----a-w-	c:\program files (x86)\GUT251D.tmp
2013-02-12 17:33 . 2013-02-12 17:36	2529792	----a-w-	c:\program files (x86)\Joe.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	151576	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoAds"="c:\program files (x86)\NoAds\NoAds.exe" [2010-10-10 151552]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064]
"Dropbox Update"="c:\users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-13 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-12-04 2244608]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2010-02-09 171104]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-06-09 705840]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
.
c:\users\Ryker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43871584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe -hidden [2013-2-21 7969792]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys;c:\windows\SYSNATIVE\DRIVERS\rsvcdwdr.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe;c:\program files (x86)\System Control Manager\MSIService.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe;c:\program files (x86)\maxdome\DCBin\DCService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-23 05:42	990024	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:44]
.
2015-06-28 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core.job
- c:\users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13 07:56]
.
2015-06-29 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA.job
- c:\users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13 07:56]
.
2015-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 09:13]
.
2015-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 09:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34	184856	----a-w-	c:\users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10060832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-25 877600]
"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2013-02-21 393216]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/?gws_rd=ssl
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Prosieben]
"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-29  12:10:17
ComboFix-quarantined-files.txt  2015-06-29 10:10
.
Vor Suchlauf: 14 Verzeichnis(se), 168.141.942.784 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 168.702.529.536 Bytes frei
.
- - End Of File - - 76AED17DBB480D55EF22E477369CD01B

deeprybka · 29.06.2015, 11:54

Hi,
also zum Verständnis:
Du hast mehrere amazon-Konten. Mit einem wurden nicht autorisierte Bestellungen durchgeführt. Wurden die Kaspersky-Sachen dann als Download eingekauft? Oder wie wurden die Lizenzen vergeben?

Meist sind ja die Onlinekonten gehackt, selten der lokale PC.

Machen wir mal weiter:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Download und Anleitung
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Schritt 3

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Ryker · 29.06.2015, 13:16

Amazon zeigt einem die Lizenz-Keys in den Bestelldetails ich denke darauf hatten die es abgesehen. AntiVir habe ich vorm Scan nicht deaktiviert, da nicht von dir gefordert, war das richtig?

Hier AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.207 - Bericht erstellt 29/06/2015 um 14:05:30
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Ryker - RYKERS-PC
# Gestarted von : C:\Users\Ryker\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
Ordner Gelöscht : C:\Program Files (x86)\Applian Technologies
Ordner Gelöscht : C:\Users\Dani\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Ryker\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Ryker\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Ryker\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Ryker\AppData\Roaming\download Manager
Datei Gelöscht : C:\Users\Dani\Desktop\eBay.lnk

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Headlight
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\W3I
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applian FLV and Media Player
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [3405 Bytes] - [29/06/2015 14:03:26]
AdwCleaner[S0].txt - [3098 Bytes] - [29/06/2015 14:05:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3157  Bytes] ##########

deeprybka · 29.06.2015, 13:21

Ja, das war richtig. Ich würde gleich mal die Passwörter von einem anderen Rechner aus ändern. Auch Email-Konten usw.

Ryker · 29.06.2015, 15:50

Ja wir haben unsere Amazon-Accounts und Emailkonten neu gesichert.

Hier MBAM:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.06.2015
Suchlauf-Zeit: 14:19:05
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.29.01
Rootkit Datenbank: v2015.06.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ryker

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 443307
Verstrichene Zeit: 34 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 2
PUP.Optional.Spigot.A, HKU\S-1-5-21-960941955-715801640-531254083-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0D20A1A4-6C62-45A3-AFD3-3BD2EEBEE242}, In Quarantäne, [670eb40c8bff26107901fb0036cd9967], 
PUP.Optional.Spigot.A, HKU\S-1-5-21-960941955-715801640-531254083-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0D20A1A4-6C62-45A3-AFD3-3BD2EEBEE242}, In Quarantäne, [e491536dbfcbe1558af036c5ff04ea16], 

Registrierungswerte: 2
PUP.Optional.Spigot.A, HKU\S-1-5-21-960941955-715801640-531254083-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0D20A1A4-6C62-45A3-AFD3-3BD2EEBEE242}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}, In Quarantäne, [670eb40c8bff26107901fb0036cd9967]
PUP.Optional.Spigot.A, HKU\S-1-5-21-960941955-715801640-531254083-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0D20A1A4-6C62-45A3-AFD3-3BD2EEBEE242}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}, In Quarantäne, [e491536dbfcbe1558af036c5ff04ea16]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

und FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015
Ran by Ryker (administrator) on RYKERS-PC on 29-06-2015 16:46:20
Running from C:\Users\Ryker\Desktop
Loaded Profiles: Ryker & Dani (Available Profiles: Ryker & Dani)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(South Bay Software) C:\Program Files (x86)\NoAds\NoAds.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2010-02-25] (Synaptics Incorporated)
HKLM\...\Run: [BoxSyncHelper] => C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-02-21] (Box, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2244608 2009-12-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [171104 2010-02-10] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [705840 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Run: [NoAds] => C:\Program Files (x86)\NoAds\NoAds.exe [151552 2010-10-10] (South Bay Software)
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Run: [Dropbox Update] => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\Run: [NoAds] => C:\Program Files (x86)\NoAds\NoAds.exe [151552 2010-10-10] (South Bay Software)
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\MountPoints2: I - I:\SafeStick.exe
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\MountPoints2: {4569298d-8fcc-11e2-a967-4061861ec5a8} - F:\Startme.exe
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\MountPoints2: {af05eaf2-f1a3-11df-8851-4061861ec5a8} - G:\SafeStick.exe
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\MountPoints2: {c3d2bd40-18de-11e1-881d-806e6f6e6963} - G:\Autorun.exe
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\MountPoints2: {da7c684d-f804-11df-a35a-001e101f3315} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\MountPoints2: {dbaa237b-f0dc-11df-a223-4061861ec5a8} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-960941955-715801640-531254083-1001\...\MountPoints2: {dbaa240b-f0dc-11df-a223-4061861ec5a8} - G:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-01-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk [2013-03-11]
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-07-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ryker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-12-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [000BoxDesktopFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSyncedCollabs] -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSyncedCollab] -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-960941955-715801640-531254083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-960941955-715801640-531254083-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-960941955-715801640-531254083-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-960941955-715801640-531254083-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKU\S-1-5-21-960941955-715801640-531254083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-960941955-715801640-531254083-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> DefaultScope {31EFCD58-B44F-4848-80A1-82BA001F42A4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {19B01535-33FC-445D-8AB3-FE5118293BAB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {31EFCD58-B44F-4848-80A1-82BA001F42A4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {5EB87694-D33F-41C2-BC77-2DC287C315D4} URL = hxxp://startpage.com/do/search?query={searchTerms}&nossl=1&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {748FBE47-3386-490C-8F27-2B75C20FC04F} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {ADA2086D-F337-4AC2-87E8-4C9629BBBF02} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {BA2AA739-C53B-46A7-BA70-B292E27E37F6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {C2D65A89-B608-4AC4-88EA-8DF96A93A0D3} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> {F5132BAE-AD1C-4E14-87C6-CA6F783877BE} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> {19B01535-33FC-445D-8AB3-FE5118293BAB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> {2811C5DC-B4FA-411D-9ABE-09F69CAA7F87} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> {31EFCD58-B44F-4848-80A1-82BA001F42A4} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> {AEA49BEC-BE81-4CD2-9BB3-E855BB99ABAA} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> {BA2AA739-C53B-46A7-BA70-B292E27E37F6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> {C2D65A89-B608-4AC4-88EA-8DF96A93A0D3} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> {F5132BAE-AD1C-4E14-87C6-CA6F783877BE} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: IE to GetRight Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll [2007-07-18] (Headlight Software, Inc.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-01-09] (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07FD061E-49C2-492B-868B-EA16BAA5F115}: [DhcpNameServer] 139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{25D1ADBB-950C-45A3-9243-86AE9CE82348}: [DhcpNameServer] 139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{5687D8EB-30A2-430B-9B2B-79A1810684B1}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default
FF Homepage: https://www.startpage.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-960941955-715801640-531254083-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Ryker\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKU\S-1-5-21-960941955-715801640-531254083-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-09] (Unity Technologies ApS)
FF Extension: WEB.DE Coupon Alert - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\gutschein@web.de.xpi [2015-03-12]
FF Extension: Qipu Cashbackmelder open beta - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\toolbar@qipu.de.xpi [2014-01-07]
FF Extension: Clean Links - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-01-07]
FF Extension: QuickImage - C:\Users\Ryker\AppData\Roaming\Mozilla\Firefox\Profiles\3dgv4qz5.default\Extensions\{B9FBA24F-5573-4889-80AC-80809FB9C425}.xpi [2014-05-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-09-11]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-07]
FF HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Google Docs) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Google Drive) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08]
CHR Extension: (YouTube) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-08]
CHR Extension: (Google Search) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-08]
CHR Extension: (Google Sheets) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Bookmark Manager) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]
CHR Extension: (Gmail) - C:\Users\Ryker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044728 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [803632 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [448304 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [448304 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994608 2015-06-09] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Users\Ryker\Desktop\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-24] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-12-11] ()
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2011-05-09] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-05-09] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-05-09] (Avira GmbH)
R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-29] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2010-05-10] (GEAR Software Inc.)
R3 HabuFltr; C:\Windows\System32\drivers\habu.sys [13824 2009-08-07] (Razer (Asia-Pacific) Pte Ltd)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [20392 2010-02-25] (JMicron )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-08-07] (CACE Technologies)
S3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45160 2011-02-28] (RapidSolution Software AG)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-27] (Duplex Secure Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2009-08-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2009-08-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2009-08-11] (LG Electronics Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 16:18 - 2015-06-29 16:18 - 00002177 _____ C:\Users\Ryker\Desktop\MBAM.txt
2015-06-29 14:18 - 2015-06-29 16:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 14:17 - 2015-06-29 14:17 - 00000777 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-29 14:17 - 2015-06-29 14:17 - 00000000 ____D C:\Users\Ryker\Desktop\ Malwarebytes Anti-Malware 
2015-06-29 14:17 - 2015-06-29 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-29 14:17 - 2015-06-29 14:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-29 14:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 14:17 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 14:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-29 14:13 - 2015-06-29 14:13 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ryker\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-29 14:03 - 2015-06-29 14:05 - 00000000 ____D C:\AdwCleaner
2015-06-29 14:02 - 2015-06-28 07:57 - 02244096 _____ C:\Users\Ryker\Desktop\AdwCleaner_4.207.exe
2015-06-29 12:44 - 2015-06-29 12:10 - 00042081 _____ C:\Users\Ryker\Desktop\ComboFix.txt
2015-06-29 12:10 - 2015-06-29 12:10 - 00042081 _____ C:\ComboFix.txt
2015-06-29 11:25 - 2015-06-29 12:11 - 00000000 ____D C:\Qoobox
2015-06-29 11:25 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-29 11:25 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-29 11:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-29 11:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-29 11:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-29 11:25 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-29 11:25 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-29 11:25 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-29 11:24 - 2015-06-29 12:04 - 00000000 ____D C:\Windows\erdnt
2015-06-29 11:21 - 2015-06-29 11:21 - 05630589 ____R (Swearware) C:\Users\Ryker\Desktop\ComboFix.exe
2015-06-28 14:35 - 2015-06-28 14:35 - 00045053 _____ C:\Users\Ryker\Desktop\Gmer-19357-Scan.log
2015-06-28 13:58 - 2015-06-28 13:58 - 00380416 _____ C:\Users\Ryker\Desktop\Gmer-19357.exe
2015-06-28 13:53 - 2015-06-28 13:53 - 00073907 _____ C:\Users\Ryker\Desktop\Addition.txt
2015-06-28 13:50 - 2015-06-29 16:46 - 00033898 _____ C:\Users\Ryker\Desktop\FRST.txt
2015-06-28 13:50 - 2015-06-29 16:46 - 00000000 ____D C:\FRST
2015-06-28 13:50 - 2015-06-28 13:50 - 02112512 _____ (Farbar) C:\Users\Ryker\Desktop\FRST64.exe
2015-06-28 13:42 - 2015-06-28 13:42 - 00000582 _____ C:\Users\Ryker\Desktop\defogger_disable.log
2015-06-28 13:42 - 2015-06-28 13:42 - 00000020 _____ C:\Users\Ryker\defogger_reenable
2015-06-28 13:40 - 2015-06-28 13:40 - 00001674 _____ C:\Users\Ryker\Desktop\AviraEreignisse.txt
2015-06-28 13:38 - 2015-06-28 13:38 - 00001674 _____ C:\Users\Ryker\Documents\AntiVir Ereignisse.txt
2015-06-13 09:57 - 2015-06-13 09:57 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-13 09:56 - 2015-06-29 16:01 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA.job
2015-06-13 09:56 - 2015-06-28 10:01 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core.job
2015-06-13 09:56 - 2015-06-13 09:56 - 00004198 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA
2015-06-13 09:56 - 2015-06-13 09:56 - 00003802 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core
2015-06-13 09:56 - 2015-06-13 09:56 - 00000000 ____D C:\Users\Ryker\AppData\Local\Dropbox
2015-06-13 09:56 - 2015-06-13 09:56 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-10 09:53 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:53 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:53 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:53 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:53 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:53 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:53 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:53 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:53 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:53 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:53 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:53 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:53 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:53 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:53 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:53 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:53 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:53 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:53 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:53 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:53 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:53 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:53 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:53 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:53 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:53 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:53 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:53 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:53 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:53 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:53 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:53 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:53 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:53 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:53 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:53 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:53 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:53 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:53 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:53 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:53 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:53 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:53 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:53 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:53 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:53 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:53 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:53 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:53 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:53 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:53 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:53 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:53 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:53 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:53 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:53 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:53 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:53 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:53 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:53 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-10 09:50 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-10 09:50 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-10 09:50 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-10 09:50 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-10 09:50 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-10 09:50 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-10 09:50 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-10 09:50 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-10 09:50 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-10 09:50 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-10 09:50 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-10 09:43 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:38 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:38 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:38 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:38 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:38 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:38 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:38 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:38 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:38 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:38 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:38 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:38 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:38 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:38 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:38 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:38 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:38 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:38 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:38 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:38 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:38 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:38 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:38 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:38 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 09:38 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 09:38 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 09:38 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 09:38 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:38 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:38 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:38 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:38 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:38 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:38 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:38 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:38 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:38 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:37 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:37 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:36 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:18 - 2015-06-10 09:18 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Shooter
2015-06-09 09:42 - 2015-06-09 09:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-07 09:12 - 2015-06-07 10:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-04 10:18 - 2015-06-04 10:18 - 00000000 ____D C:\Users\Ryker\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 16:44 - 2014-01-07 19:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-29 16:44 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-29 16:44 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-29 16:39 - 2011-03-19 13:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-29 16:38 - 2013-12-07 11:20 - 00000000 ___RD C:\Users\Ryker\Dropbox
2015-06-29 16:38 - 2013-12-07 11:16 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Dropbox
2015-06-29 16:38 - 2011-03-19 13:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 16:20 - 2015-02-18 06:53 - 00019714 _____ C:\Windows\PFRO.log
2015-06-29 16:20 - 2015-01-11 15:43 - 00024835 _____ C:\Windows\setupact.log
2015-06-29 16:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-29 16:18 - 2010-07-20 18:27 - 01824082 _____ C:\Windows\WindowsUpdate.log
2015-06-29 15:06 - 2011-01-21 09:28 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB3A12EE-EFDC-4723-8FC6-AC964CF19383}
2015-06-29 12:10 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-29 11:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-28 13:57 - 2013-04-14 11:22 - 00000000 ____D C:\Users\Ryker\Desktop\Zwischenspeicher
2015-06-28 13:42 - 2010-07-20 18:39 - 00000000 ____D C:\Users\Ryker
2015-06-28 13:29 - 2010-11-16 22:32 - 00000000 ____D C:\Users\Ryker\Documents\Outlook-Dateien
2015-06-27 06:30 - 2010-07-26 18:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-26 10:19 - 2015-01-03 07:05 - 00021323 _____ C:\Users\Ryker\Desktop\Budget.xlsx
2015-06-25 11:44 - 2014-01-07 19:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 11:44 - 2012-04-10 08:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 11:44 - 2011-05-18 18:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 11:05 - 2012-12-04 20:03 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\Origin
2015-06-24 11:05 - 2012-12-04 20:03 - 00000000 ____D C:\Users\Ryker\AppData\Local\Origin
2015-06-24 11:05 - 2010-12-28 11:51 - 00000000 ____D C:\ProgramData\Origin
2015-06-24 11:01 - 2012-12-04 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-06-24 11:01 - 2012-12-04 20:03 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-23 10:17 - 2014-12-24 10:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 07:44 - 2015-03-08 10:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 07:10 - 2009-07-14 19:58 - 00703192 _____ C:\Windows\system32\perfh007.dat
2015-06-19 07:10 - 2009-07-14 19:58 - 00150800 _____ C:\Windows\system32\perfc007.dat
2015-06-19 07:10 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 19:36 - 2015-02-22 07:05 - 00000000 ____D C:\Users\Ryker\Desktop\Couponing
2015-06-16 12:14 - 2014-08-20 16:33 - 00000000 ____D C:\Users\Ryker\AppData\Local\Adobe
2015-06-15 06:59 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-10 11:59 - 2014-11-16 16:28 - 00000000 __SHD C:\Users\Ryker\AppData\Local\EmieBrowserModeList
2015-06-10 11:59 - 2014-04-11 10:52 - 00000000 __SHD C:\Users\Ryker\AppData\Local\EmieUserList
2015-06-10 11:59 - 2014-04-11 10:52 - 00000000 __SHD C:\Users\Ryker\AppData\Local\EmieSiteList
2015-06-10 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 10:28 - 2009-07-14 06:45 - 00412872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 10:24 - 2015-04-15 11:16 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 10:24 - 2014-05-09 21:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 10:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 10:14 - 2010-11-16 21:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 10:11 - 2010-11-16 22:21 - 01603628 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-10 10:07 - 2013-08-14 18:21 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 09:58 - 2010-07-20 19:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 09:57 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2015-06-10 09:12 - 2011-04-12 20:08 - 00000000 ____D C:\Users\Ryker\Documents\My Games
2015-06-09 09:28 - 2013-05-09 12:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 09:28 - 2013-05-09 12:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-08 19:30 - 2012-01-14 11:37 - 00000000 ____D C:\Users\Ryker\AppData\Roaming\HpUpdate
2015-06-08 09:00 - 2014-01-07 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 20:00 - 2013-03-18 15:14 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AB33931C-FAAF-4FFB-8F35-79C2C828A480}

==================== Files in the root of some directories =======

2013-12-12 06:43 - 2013-12-12 06:43 - 49940480 _____ () C:\Program Files (x86)\GUT251D.tmp
2013-02-12 19:36 - 2013-02-12 19:33 - 2529792 _____ () C:\Program Files (x86)\Joe.msi
2013-10-18 12:39 - 2013-10-18 12:39 - 0000037 ___SH () C:\Users\Ryker\AppData\Local\70149b02515b3bb20dd492.47983420
2012-09-12 21:57 - 2012-09-12 21:57 - 0007597 _____ () C:\Users\Ryker\AppData\Local\Resmon.ResmonCfg
2009-06-16 14:25 - 2009-06-16 14:25 - 0121512 ____R () C:\ProgramData\DeviceManager.xml.rc4
2011-08-08 18:26 - 2011-06-09 18:26 - 0000032 ____R () C:\ProgramData\hash.dat
2010-07-21 19:37 - 2013-05-12 12:00 - 0005034 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
C:\Users\Ryker\AppData\Local\Temp\avgnt.exe
C:\Users\Ryker\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxb84nb.dll
C:\Users\Ryker\AppData\Local\Temp\Quarantine.exe
C:\Users\Ryker\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 08:02

==================== End of log ============================

deeprybka · 29.06.2015, 15:56

Prima. Dann noch bitte einen Suchscan mit ESET:

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Ryker · 30.06.2015, 04:56

Sooo, hier das Log von ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1f49dc8115991a4c90ba57d106179f25
# end=init
# utc_time=2015-06-29 05:02:14
# local_time=2015-06-29 07:02:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24557
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1f49dc8115991a4c90ba57d106179f25
# end=updated
# utc_time=2015-06-29 05:04:42
# local_time=2015-06-29 07:04:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1f49dc8115991a4c90ba57d106179f25
# engine=24557
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-29 09:23:54
# local_time=2015-06-29 11:23:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1805 16777213 100 100 25432 155959507 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 61786563 187242884 0 0
# scanned=537926
# found=0
# cleaned=0
# scan_time=15551

deeprybka · 30.06.2015, 09:26

Sehr schön!

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-960941955-715801640-531254083-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-960941955-715801640-531254083-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-960941955-715801640-531254083-1001 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
AlternateDataStreams: C:\ProgramData\Temp:76650B61

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Das Log musst Du nicht posten.

Code:

ATTFilter

Java 7 Update 55

Bitte deinstallieren und mit der aktuellen Version ersetzen.

Wir haben es geschafft!

Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken (z.B. hier) in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.

Meine Kauf-Empfehlung:

ESET Smart Security

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Ryker · 30.06.2015, 14:17

Danke sehr! Bewertung und Spende folgen

deeprybka · 30.06.2015, 14:24

Danke! Alles Gute!

30.06.2015, 14:24	#14
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Avira meldet TR/Dldr.Agent.2343.1 [trojan] und java/Lamar.sgf.27 [virus] Danke! Alles Gute! __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Avira meldet TR/Dldr.Agent.2343.1 [trojan] und java/Lamar.sgf.27 [virus]

Log-Analyse und Auswertung: Avira meldet TR/Dldr.Agent.2343.1 [trojan] und java/Lamar.sgf.27 [virus]