Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.07.2015, 03:10   #1
Mark_1295
 
atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. - Standard

atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.



Hallo erstmal!
Ich habe soeben ein paar Prozesse von mir gegoogelt und bin darauf gestoßen, dass die Prozesse atiedxx.exe, csrss.exe und winlogon.exe Trojaner sind. Ich benutze Win7 und keinen Plan, wie die auf meinen PC gekommen sind, aber wahrscheinlich durch verschiedene Downloads aus dem Internet.

Genauso, wie andere auf diesem Forum gesagt haben, bewirken diese Trojaner, dass mein PC langsamer geworden ist, habe mich ja schon länger gefragt, warum das der Fall ist.
Sie bewirken, dass wenn ich zB Spotify starte, dass da dann 3 mal das Programm offen ist oder beim hochstarten, dass dann um die 9 mal der Windows-Media-Player Updater als Prozess geöffnet wird. Und ich glaube, dass die immer wieder Werbe-Add-ons für Firefox installieren, die zB: Adblock umgehen.

Schritt 1: defogger_disable.log

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:52 on 20/07/2015 (Markus Meyer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Schritt 2: FRST.txt und Addition.txt

FRST.txt:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Markus Meyer (administrator) on MARKUSMEYER-HP on 20-07-2015 03:12:03
Running from C:\Users\Markus Meyer\Desktop
Loaded Profiles: Markus Meyer (Available Profiles: Markus Meyer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Blabbers Communications Ltd) C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dxtory Software) C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Jittery Application\0a9e7e87.ftf.ftf
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Aztec Media Inc) C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe
() C:\Program Files (x86)\Spotless Awareness\Spotless Awareness.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [455680 2012-06-25] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-06-25] (Saitek)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [MFARestart] => C:\ProgramData\MFAData\pack\avgrunasx.exe [247136 2011-08-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-30] (Easybits)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [771912 2015-04-01] (Kingsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-16] (Valve Corporation)
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-07-09] (Overwolf LTD)
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Spotify Web Helper] => C:\Users\Markus Meyer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Spotify] => C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Dropbox Update] => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
AppInit_DLLs: C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4319744 2014-03-27] ()
AppInit_DLLs-x32: c:\progra~3\assist~1\assist~1.dll => c:\ProgramData\Assistant\Assistant.dll [4114944 2014-03-27] ()
Startup: C:\Users\Markus Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1660394222-742470415-1346051432-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1660394222-742470415-1346051432-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {E9622797-9614-413F-9EC6-9AFE59DC98BC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchannel.info/?l=1&q={searchTerms}&pid=576&r=2013/07/11&hid=2721309486&lg=EN&cc=AT&unqvl=24
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {E9622797-9614-413F-9EC6-9AFE59DC98BC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=acc2592f000000000000bc7737ce8124
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {E9622797-9614-413F-9EC6-9AFE59DC98BC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll [2013-02-18] (Blabbers Communications Ltd)
Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll [2013-02-18] (Blabbers Communications Ltd)
Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll [2013-02-18] (Blabbers Communications Ltd)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-09] (EasyBits Software Corp.)
Tcpip\..\Interfaces\{62C90C10-94BE-4F98-98B8-118772EDD064}: [DhcpNameServer] 212.33.36.155 212.33.55.5
Tcpip\..\Interfaces\{657FB976-8DE4-48CC-9072-2DD379F15991}: [DhcpNameServer] 212.33.36.155 212.33.55.5

FireFox:
========
FF ProfilePath: C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: about:home
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1660394222-742470415-1346051432-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Markus Meyer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1660394222-742470415-1346051432-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-07-11] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\searchplugins\default-search.xml [2015-02-12]
FF SearchPlugin: C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\searchplugins\youtube-videosuche.xml [2015-03-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2015-02-12]
FF Extension: Ginyas Browser Companion - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\bbrs_002@blabbers.com [2015-07-09]
FF Extension: Extreme Blocker - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\uikamptjhnmg@xsczfmjpgxmivd.org [2015-07-18]
FF Extension: TinyURL Generator - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2015-07-15]
FF Extension: Adblock Plus - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-08]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-07-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-03]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Browser Companion Helper) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf [2012-11-12]
CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boiegokgnfcjbkeijinpemhfoekfmaik [2014-04-24]
CHR Extension: (Adblock Plus) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-24]
CHR Extension: (SAverExtension) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkefnjfpgnpgpkkkpflkcimgikhgkbnb [2013-12-30]
CHR Extension: (SMSnetwork for Chrome) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlkmhlkkbjgbjpiidobibnckobfagpbd [2014-06-05]
CHR Extension: (Ponyhoof) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2014-04-24]
CHR Extension: (GGreeaotSAvue4U) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnhfmahopbelmaoeooelbgnhhfpelhc [2014-02-27]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2015-07-08]
CHR Extension: (AdBlock) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-24]
CHR Extension: (1click timer) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2014-07-03]
CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpahjicmehopmlkbenbkmckcedlcmhk [2014-12-09]
CHR Extension: (DIsCounTExxtensi) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapefjkjbamjahejjngoffibmgemngom [2014-05-21]
CHR Extension: (Facebook Color Changer Enhancer) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbdkclmnkbjelpeddibimjmgofgkdagn [2014-06-11]
CHR Extension: (Skype Click to Call) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06]
CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2012-12-01]
CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda [2015-01-07]
CHR Extension: (FunDealsu) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\olofjkgoajokennbpnmfcpkiapegnhlp [2014-05-21]
CHR HKU\S-1-5-21-1660394222-742470415-1346051432-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2012-03-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 699fd52f; c:\ProgramData\Assistant\AssistantSvc.dll [178000 2014-03-27] () [File not signed]
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2015-04-01] (Kingsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Jittery Application; C:\Program Files (x86)\Jittery Application\0a9e7e87.ftf.ftf [7491827 2015-05-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1001200 2015-07-09] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-30] ()
R2 SmdmFService; C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [3570704 2015-02-03] (Aztec Media Inc)
R2 Spotless Awareness; C:\Program Files (x86)\Spotless Awareness\Spotless Awareness.exe [8016410 2015-06-11] () [File not signed] <==== ATTENTION
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [X]
S2 SeaPort; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [45968 2015-02-03] (Aztec Media Inc)
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-02-12] (Kingsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 Said505F; C:\Windows\System32\DRIVERS\Said505F.sys [25920 2012-05-11] (Saitek)
S3 SaiK0CD0; C:\Windows\System32\DRIVERS\SaiK0CD0.sys [181608 2012-08-06] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek)
S3 SaiU0CD0; C:\Windows\System32\DRIVERS\SaiU0CD0.sys [47208 2012-08-06] (Saitek)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 03:12 - 2015-07-20 03:13 - 00033488 _____ C:\Users\Markus Meyer\Desktop\FRST.txt
2015-07-20 03:11 - 2015-07-20 03:12 - 00000000 ____D C:\FRST
2015-07-20 03:11 - 2015-07-20 03:11 - 02134528 _____ (Farbar) C:\Users\Markus Meyer\Desktop\FRST64.exe
2015-07-20 02:52 - 2015-07-20 02:52 - 00000486 _____ C:\Users\Markus Meyer\Desktop\defogger_disable.log
2015-07-20 02:52 - 2015-07-20 02:52 - 00000000 _____ C:\Users\Markus Meyer\defogger_reenable
2015-07-20 02:51 - 2015-07-20 02:51 - 00050477 _____ C:\Users\Markus Meyer\Desktop\Defogger.exe
2015-07-20 01:03 - 2015-07-20 01:03 - 00071632 _____ C:\Users\Markus Meyer\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-17 16:33 - 2015-07-17 16:33 - 00562784 _____ (Oracle Corporation) C:\Users\Markus Meyer\Downloads\jxpiinstall.exe
2015-07-17 16:33 - 2015-07-17 16:33 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Oracle
2015-07-17 16:32 - 2015-07-17 16:35 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-17 16:32 - 2015-07-17 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-17 16:32 - 2015-07-17 16:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-07-17 16:32 - 2015-07-17 16:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-07-15 15:19 - 2015-07-15 15:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-15 15:16 - 2015-07-17 16:48 - 00000000 ____D C:\ProgramData\Oracle
2015-07-15 15:15 - 2015-07-15 15:16 - 43221600 _____ (Oracle Corporation) C:\Users\Markus Meyer\Downloads\jre-8u51-windows-x64.exe
2015-07-15 15:10 - 2015-07-15 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-15 15:10 - 2015-07-15 15:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-14 16:12 - 2015-07-14 16:12 - 00000000 ____D C:\Users\Markus Meyer\Desktop\Ritterfest Linz 2015
2015-07-12 08:46 - 2015-07-12 08:46 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 17:05 - 2015-07-20 02:32 - 00514799 _____ C:\Windows\WindowsUpdate.log
2015-07-08 16:51 - 2015-07-09 06:54 - 00000000 ____D C:\Program Files (x86)\AollCheaepPriice
2015-07-08 16:51 - 2015-07-08 16:51 - 00000000 ____D C:\Program Files (x86)\AllChheapPriceo
2015-07-08 16:50 - 2015-07-08 16:50 - 00000000 ____D C:\Program Files (x86)\Myibidder Auction Bid Sniper for eBay
2015-07-08 16:49 - 2015-07-09 06:54 - 00000000 ____D C:\Program Files (x86)\AlluCCheapPrice
2015-07-04 17:06 - 2015-07-04 17:08 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\TEdit
2015-07-04 17:06 - 2015-07-04 17:06 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\TEditXna
2015-07-03 23:42 - 2015-07-03 23:42 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\CEF
2015-07-03 17:04 - 2015-07-17 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 20:15 - 2015-07-01 20:15 - 02157552 _____ C:\Users\Apps\glue-resources-pre-vis-2.spa
2015-06-21 18:35 - 2015-07-20 02:46 - 00001252 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA.job
2015-06-21 18:35 - 2015-07-19 09:46 - 00001200 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core.job
2015-06-21 18:35 - 2015-07-18 09:41 - 00004236 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA
2015-06-21 18:35 - 2015-07-18 09:41 - 00003840 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core
2015-06-21 18:35 - 2015-06-21 18:35 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Dropbox
2015-06-21 18:35 - 2015-06-21 18:35 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 03:10 - 2015-02-12 21:34 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Spotify
2015-07-20 03:10 - 2015-02-12 21:33 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Spotify
2015-07-20 03:07 - 2011-08-20 20:48 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Skype
2015-07-20 02:58 - 2013-02-18 20:45 - 00001052 _____ C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
2015-07-20 02:54 - 2012-11-12 20:02 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 02:54 - 2012-11-12 20:02 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 02:52 - 2011-08-20 17:36 - 00000000 ____D C:\Users\Markus Meyer
2015-07-20 02:45 - 2013-02-18 20:45 - 00001004 _____ C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
2015-07-20 02:17 - 2012-04-05 13:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 02:00 - 2014-08-22 15:28 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Adobe
2015-07-20 01:14 - 2014-08-18 19:12 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-07-20 00:02 - 2015-04-08 21:59 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\LogMeIn Hamachi
2015-07-20 00:02 - 2013-03-13 19:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-19 22:11 - 2011-08-22 16:19 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\TS3Client
2015-07-19 20:58 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-19 20:58 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-19 20:46 - 2015-02-12 19:21 - 00000000 ____D C:\ProgramData\smdmf
2015-07-19 20:45 - 2013-07-11 17:15 - 00000430 ____H C:\Windows\Tasks\schedule!3036567561.job
2015-07-19 20:45 - 2013-02-18 20:45 - 00001004 _____ C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
2015-07-19 20:45 - 2013-02-18 20:45 - 00001004 _____ C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
2015-07-19 20:45 - 2013-02-18 20:45 - 00000936 _____ C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
2015-07-19 20:44 - 2015-04-25 18:20 - 00000000 ____D C:\Users\locales
2015-07-19 20:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-19 20:38 - 2011-08-20 17:44 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{49C7B74D-76DF-493E-A649-6842D00EE0E9}
2015-07-19 06:10 - 2014-03-10 23:50 - 00000000 ____D C:\ProgramData\FindBestDeala
2015-07-18 22:43 - 2012-08-30 18:37 - 00000000 ___RD C:\Users\Markus Meyer\Dropbox
2015-07-18 22:43 - 2012-08-30 18:35 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Dropbox
2015-07-18 22:42 - 2014-08-18 19:10 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Overwolf
2015-07-17 16:43 - 2011-04-09 20:51 - 00000000 ____D C:\Program Files\Java
2015-07-17 16:35 - 2011-04-09 20:51 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-15 15:48 - 2011-08-20 21:10 - 00000000 ___RD C:\Users\Markus Meyer\Desktop\Stuff
2015-07-15 15:20 - 2015-01-02 21:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 15:19 - 2011-04-09 20:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-15 15:17 - 2011-04-09 20:48 - 00000000 ____D C:\ProgramData\Adobe
2015-07-15 03:17 - 2012-04-05 13:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 03:17 - 2012-04-05 13:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 03:17 - 2011-08-20 21:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 11:44 - 2012-01-02 15:44 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-13 16:05 - 2015-05-30 00:13 - 00352095 _____ C:\Users\Apps\local-files-desktop.spa
2015-07-13 16:05 - 2015-05-23 20:20 - 00158566 _____ C:\Users\Apps\hub.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 41287224 _____ C:\Users\libcef.dll
2015-07-13 16:05 - 2015-04-25 18:20 - 10457856 _____ C:\Users\icudtl.dat
2015-07-13 16:05 - 2015-04-25 18:20 - 07334968 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-07-13 16:05 - 2015-04-25 18:20 - 04253463 _____ C:\Users\devtools_resources.pak
2015-07-13 16:05 - 2015-04-25 18:20 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-07-13 16:05 - 2015-04-25 18:20 - 02332541 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 02157552 _____ C:\Users\Apps\glue-resources.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-07-13 16:05 - 2015-04-25 18:20 - 02018406 _____ C:\Users\cef.pak
2015-07-13 16:05 - 2015-04-25 18:20 - 02008632 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-07-13 16:05 - 2015-04-25 18:20 - 01488440 _____ C:\Users\libGLESv2.dll
2015-07-13 16:05 - 2015-04-25 18:20 - 00968248 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-07-13 16:05 - 2015-04-25 18:20 - 00838200 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-07-13 16:05 - 2015-04-25 18:20 - 00723187 _____ C:\Users\Apps\browse.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00661932 _____ C:\Users\Apps\zlink.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00598403 _____ C:\Users\cef_200_percent.pak
2015-07-13 16:05 - 2015-04-25 18:20 - 00536796 _____ C:\Users\Apps\notification-center.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00528578 _____ C:\Users\Apps\collection.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00512001 _____ C:\Users\Apps\genre.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00508698 _____ C:\Users\Apps\collection-artist.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00493494 _____ C:\Users\Apps\discover.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00466223 _____ C:\Users\Apps\collection-album.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00444515 _____ C:\Users\cef_100_percent.pak
2015-07-13 16:05 - 2015-04-25 18:20 - 00443181 _____ C:\Users\Apps\article.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00420097 _____ C:\Users\Apps\messages.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00416475 _____ C:\Users\Apps\album.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00386535 _____ C:\Users\Apps\social-feed.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00383644 _____ C:\Users\Apps\collection-songs.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00368227 _____ C:\Users\Apps\charts.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00363479 _____ C:\Users\Apps\artist.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00356839 _____ C:\Users\Apps\playlist-desktop.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00346718 _____ C:\Users\Apps\social-chart.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00342668 _____ C:\Users\Apps\buddy-list.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00300863 _____ C:\Users\Apps\radio.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00299055 _____ C:\Users\Apps\folder.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00294773 _____ C:\Users\Apps\settings.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00255357 _____ C:\Users\Apps\profile.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00248623 _____ C:\Users\Apps\share.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00244653 _____ C:\Users\Apps\zlink-queue.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00236396 _____ C:\Users\Apps\chart.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00216723 _____ C:\Users\Apps\search.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00210562 _____ C:\Users\Apps\findfriends.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00196416 _____ C:\Users\Apps\suggest.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00160044 _____ C:\Users\Apps\zlogin.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00158229 _____ C:\Users\Apps\follow.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00098360 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-07-13 16:05 - 2015-04-25 18:20 - 00096206 _____ C:\Users\Apps\about.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00079928 _____ C:\Users\libEGL.dll
2015-07-13 16:05 - 2015-04-25 18:20 - 00073272 _____ C:\Users\wow_helper.exe
2015-07-13 16:05 - 2015-04-25 18:20 - 00053462 _____ C:\Users\Apps\ad.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00040241 _____ C:\Users\Apps\licenses.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00038320 _____ C:\Users\Apps\error.spa
2015-07-13 16:05 - 2015-04-25 18:20 - 00013506 _____ C:\Users\locales\en-US.pak
2015-07-13 16:05 - 2015-04-25 18:20 - 00008009 _____ C:\Users\locales\el.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00007791 _____ C:\Users\locales\ru.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00007076 _____ C:\Users\locales\ja.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006969 _____ C:\Users\locales\hu.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006950 _____ C:\Users\locales\fr-CA.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006899 _____ C:\Users\locales\fr.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006876 _____ C:\Users\locales\fi.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006875 _____ C:\Users\locales\pl.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006808 _____ C:\Users\locales\es-419.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006793 _____ C:\Users\locales\nl.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006756 _____ C:\Users\locales\de.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006740 _____ C:\Users\locales\zsm.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006739 _____ C:\Users\locales\it.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006731 _____ C:\Users\locales\es.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006726 _____ C:\Users\locales\tr.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006719 _____ C:\Users\locales\zh-Hant.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006717 _____ C:\Users\locales\pt-BR.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006672 _____ C:\Users\locales\sv.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006540 _____ C:\Users\locales\arb.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00006469 _____ C:\Users\locales\en.mo
2015-07-13 16:05 - 2015-04-25 18:20 - 00000020 _____ C:\Users\inst_ver.dat
2015-07-13 16:05 - 2015-04-25 18:20 - 00000000 _____ C:\Users\Markus.redir
2015-07-08 17:00 - 2013-06-30 21:02 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-08 16:51 - 2015-04-16 22:45 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-07-08 16:51 - 2015-03-02 19:30 - 00000000 ____D C:\ProgramData\2676599837052602665UL
2015-07-08 08:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2015-07-07 16:53 - 2013-06-30 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 16:14 - 2011-08-20 20:48 - 00000000 ____D C:\ProgramData\Skype
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 19:04 - 2013-02-01 20:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-02 17:45 - 2015-06-11 10:27 - 00000000 ____D C:\Program Files (x86)\Spotless Awareness
2015-06-29 04:29 - 2015-06-05 11:59 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-29 04:29 - 2011-08-21 11:57 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\CrashDumps
2015-06-28 20:44 - 2012-01-26 19:03 - 00000000 ____D C:\Windows\Minidump
2015-06-28 20:22 - 2015-04-27 22:35 - 00000000 __SHD C:\Users\Markus Meyer\AppData\Local\EmieBrowserModeList
2015-06-28 20:22 - 2014-08-18 19:11 - 00000000 __SHD C:\Users\Markus Meyer\AppData\Local\EmieUserList
2015-06-28 20:22 - 2014-08-18 19:11 - 00000000 __SHD C:\Users\Markus Meyer\AppData\Local\EmieSiteList
2015-06-28 16:05 - 2015-06-05 11:59 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Notepad++
2015-06-28 15:48 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-28 05:55 - 2014-08-20 19:28 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Winamp

==================== Files in the root of some directories =======

2015-04-16 22:45 - 2015-07-08 16:51 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-03-18 01:54 - 2015-03-18 01:54 - 0000020 _____ () C:\Users\Markus Meyer\AppData\Roaming\appdataFr3.bin
2013-06-14 13:29 - 2013-06-14 13:30 - 0047104 ___SH () C:\Users\Markus Meyer\AppData\Roaming\Thumbs.db
2011-11-22 22:59 - 2014-02-05 00:06 - 0006144 _____ () C:\Users\Markus Meyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-13 23:16 - 2015-06-13 23:16 - 0000000 _____ () C:\Users\Markus Meyer\AppData\Local\Temp.dat
2012-06-28 15:33 - 2012-04-29 15:33 - 0000032 ____R () C:\ProgramData\hash.dat
2011-08-22 16:13 - 2011-08-22 16:13 - 0000003 _____ () C:\ProgramData\MusicStation.log
2011-08-22 16:13 - 2011-08-22 16:13 - 0000243 _____ () C:\ProgramData\MusicStation.xml

Files to move or delete:
====================
C:\ProgramData\hash.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-16 06:39

==================== End of log ============================
         
Addition.exe:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Markus Meyer at 2015-07-20 03:15:04
Running from C:\Users\Markus Meyer\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1660394222-742470415-1346051432-500 - Administrator - Disabled)
Gast (S-1-5-21-1660394222-742470415-1346051432-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1660394222-742470415-1346051432-1002 - Limited - Enabled)
Markus Meyer (S-1-5-21-1660394222-742470415-1346051432-1000 - Administrator - Enabled) => C:\Users\Markus Meyer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action Replay Code Manager (HKLM-x32\...\Action Replay Code Manager_is1) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
AdPunisher (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - AdPunisher) <==== ATTENTION
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
AllChheapPriceo (HKLM-x32\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version:  - "") <==== ATTENTION
Amazon Cloud Player (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Assets Manager (HKLM-x32\...\Assets Manager) (Version: 5.0.0.15586 - Aztec Media Inc) <==== ATTENTION
Assistant (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}) (Version:  - Verified Publisher) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
AVG 2012 (Version: 12.0.2114 - AVG Technologies) Hidden
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Interactive Limited)
Batman: Arkham City™ (HKLM-x32\...\GFWL_{57520FA0-AC56-469B-9983-FF1000008300}) (Version: 1.0.0000.131 - WB Games)
Batman: Arkham City™ (x32 Version: 1.0.0000.131 - WB Games) Hidden
Batman: Arkham City™ (x32 Version: 1.0.0001.131 - WB Games) Hidden
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BrowserCompanion (HKLM-x32\...\BrowserCompanion) (Version:  - ) <==== ATTENTION
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0001.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dxtory 2.0.104 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.104 - Dxtory Software)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Free YouTube Download version 3.2.2.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GinyasBrowserCompanion (HKLM-x32\...\GinyasBrowserCompanion) (Version:  - Ginyas) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP 3D DriveGuard (HKLM\...\{76785052-9E6A-4403-B06A-929B6BF9D742}) (Version: 4.1.5.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{CE4551E8-8D09-4126-A39B-B7DF82C5EB83}) (Version: 4.0.110.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0511 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{794E5C90-96E5-4413-B3F5-C803205AE30C}) (Version: 14.0.3000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel(R) Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.1.4 - www.leaguereplays.com)
Lorem Ipsum Generator Default Text (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - "") <==== ATTENTION
M.M.O.7 Update Tool (HKLM-x32\...\{24521E5B-24F2-4E84-AA44-8D1BB13140E2}) (Version: 1.1.1 - Mad Catz)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Age of Empires Expansion (HKLM-x32\...\Age of Empires Expansion 1.0) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Version 1.6.6 BETA (HKLM-x32\...\{ED3219B0-8C17-452A-AF77-FFF11F03FE50}_is1) (Version: 1.6.6 BETA - Copyright 2009-2011 Mojang AB)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{E74E7F63-E70F-43f2-873F-35FB66F263B2}) (Version: 2.0.5.71 - Omnifone)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version:  - NCsoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
OptimizerPro (HKLM\...\OptimizerPro) (Version: 1.0 - BetterSoft) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.87.22.0 - Overwolf Ltd.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smart Technology Programming Software 7.0.17.2 (HKLM\...\{EF483420-4184-4E11-A8BE-B6921549BE58}) (Version: 7.0.17.2 - Mad Catz)
Spotify (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version:  - )
Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.100 - Firefly Studios)
Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version:  - )
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{7C54D017-21BB-43AE-9746-33E78AF4A425}) (Version: 4.3.118.0 - Validity Sensors, Inc.)
Vegas Pro 12.0 (64-bit) (HKLM\...\{8858A840-1D35-11E2-A8C7-F04DA23A5C58}) (Version: 12.0.394 - Sony)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-07-2015 10:53:23 Geplanter Prüfpunkt
17-07-2015 16:29:20 Removed Java(TM) 6 Update 35
17-07-2015 16:31:21 Installed Java 7 Update 79

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08623E46-E8FE-4532-B513-B0646A8B7FBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {117DE90C-0830-46AA-ACD0-481530A8C194} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {1ABED571-0AF9-4E87-8418-4468F79F7351} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-07-09] (Overwolf LTD)
Task: {2C57DE8A-84F9-4BBC-9C4A-C2FE3FE9C318} - System32\Tasks\{F60309C7-7CF9-4318-8D91-31A0A2242D57} => pcalua.exe -a "C:\Users\Markus Meyer\Desktop\Arena106.exe" -d "C:\Users\Markus Meyer\Desktop"
Task: {2CC9563D-6111-4E3B-AF82-6ACDB946DDB5} - System32\Tasks\GinyasBrowserCompanion FireFox Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {314131D1-7C8E-4B57-9D52-F4B1D1224A58} - System32\Tasks\{2E17ED8E-A591-458D-A5FA-FAE7166DAC42} => pcalua.exe -a C:\ProgramData\AdPunisher\AdPunisher.exe -c /progname=AdPunisher /progver=3.4.2 /progpub=AdPunisher /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT
Task: {46D8A9B9-E912-46BC-B6B2-96675425DEAF} - System32\Tasks\GinyasBrowserCompanion Runner => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {521C7B71-B0A6-407E-B9C6-749C8FCA1051} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.)
Task: {54EB32FE-6FF4-4B07-B11E-8007A74190F4} - System32\Tasks\{3FD75532-4316-436E-9E65-2BB91D155993} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Transistor\TransistorVideoSetup.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Transistor"
Task: {5DD50B57-0028-4F9E-AAA6-4A6876DBAE9F} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-01-23] () <==== ATTENTION
Task: {75ED7687-6079-4735-ACAC-75E4CCF5976A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.)
Task: {7C3DF70B-AC4C-427B-B09A-AD6C0F2CD592} - System32\Tasks\Tomb Raider - Anniversary => C:\Program Files (x86)\Tomb Raider - Anniversary\TRA.exe [2011-09-24] (Eidos Inc.)
Task: {7F6ACBDD-DDA1-42C5-902C-048DF8E51C25} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {869F8BC2-E27C-44CE-B6B0-1F3B0E17D288} - System32\Tasks\GinyasBrowserCompanion Chrome Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {9F63F88D-F14A-4E5C-B04B-64632CDAAE22} - System32\Tasks\{797958D8-E0BA-4F78-9BFC-C4E1BA415660} => pcalua.exe -a E:\setup.exe -d E:\
Task: {A4F61D8B-8831-41F8-85DE-44D1B3CE45FF} - System32\Tasks\AdobeAAMUpdater-1.0-MarkusMeyer-HP-Markus Meyer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {A826D457-BBD4-4F24-8F6A-485487368B0F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {A99EC303-D644-4B34-A2BA-2A120E7C957C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {ABDBFA35-B35F-4C73-B9C5-08855DA08479} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {B38F290A-7DC4-482A-8A7D-F8C251CD01B7} - System32\Tasks\GinyasBrowserCompanion Update Checker => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {C4E5FAC1-F645-43CB-8ED0-6B74676145C5} - System32\Tasks\GinyasBrowserCompanion Stats Report => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {DB23210D-4AA5-4174-B657-70300463B7E1} - System32\Tasks\{345CD035-6703-45B2-B378-C1CFFEE25BBA} => pcalua.exe -a "C:\Users\Markus Meyer\Desktop\Spiele\MINECRAFT\minecraft mods\Sonic Ether's Unbelievable Shaders v08 (Windows)\INSTALLER.exe" -d "C:\Users\Markus Meyer\Desktop\Spiele\MINECRAFT\minecraft mods\Sonic Ether's Unbelievable Shaders v08 (Windows)"
Task: {F8B73193-7F01-49F7-98A7-C154628257D5} - System32\Tasks\{458F4FE3-4B96-4165-B41A-489C0EA926D8} => pcalua.exe -a C:\ProgramData\MFAData\pack\avgmfapx.exe -d C:\Windows\SysWOW64 -c /ResumeInstallation="C:\ProgramData\MFAData\state.dat"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core.job => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA.job => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\GinyasBrowserCompanion Runner.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exeK/schedule /profile c:\programdata\bettersoft\optimizerpro\3036567561.ini <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-27 22:31 - 2014-03-27 22:31 - 04319744 _____ () C:\ProgramData\Assistant\Assistant_x64.dll
2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-07-11 17:15 - 2013-01-23 21:58 - 00348160 ____N () C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
2011-07-14 23:45 - 2011-01-27 18:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-15 12:53 - 2015-05-15 12:53 - 07491827 _____ () C:\Program Files (x86)\Jittery Application\0a9e7e87.ftf.ftf
2012-03-17 22:22 - 2014-05-30 19:33 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-06-11 10:27 - 2015-06-11 10:27 - 08016410 _____ () C:\Program Files (x86)\Spotless Awareness\Spotless Awareness.exe
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-15 09:57 - 2011-03-15 09:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-24 02:21 - 2010-06-24 02:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-03-27 22:31 - 2014-03-27 22:31 - 04114944 _____ () c:\ProgramData\Assistant\Assistant.dll
2014-03-23 21:19 - 2014-03-27 22:31 - 00178000 _____ () c:\ProgramData\Assistant\AssistantSvc.dll
2010-06-24 02:19 - 2010-06-24 02:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-10-18 00:11 - 2014-10-18 00:11 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-07-14 23:44 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-03-12 20:03 - 2015-07-13 16:05 - 41287224 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\libcef.dll
2015-03-12 20:03 - 2015-07-13 16:05 - 01488440 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 20:03 - 2015-07-13 16:05 - 00079928 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\libegl.dll
2015-03-12 20:03 - 2015-03-21 14:13 - 09305656 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1660394222-742470415-1346051432-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Markus Meyer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.33.36.155 - 212.33.55.5

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Markus Meyer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_6ED5A31595A188B8AF2E77AEACF8C4D2 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BACA2A57-9FFA-4A38-9C7C-275B4CD92C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A809C7A2-DCD5-405C-B400-4ABD95B7875B}] => (Allow) LPort=2869
FirewallRules: [{ED4A05C1-FBEC-45EC-AF8C-DE92AC93D3FE}] => (Allow) LPort=1900
FirewallRules: [{8982F64F-90F2-458F-92B6-DCA7C0637AC6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B684D451-7D9B-4EE1-B4A5-01F9B6E2A715}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{313F3F04-6F29-40DB-83E7-7C5A74BE6FAE}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{AC250745-93A9-4536-9CCC-F45733ABC6A1}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{DB54112C-E8D4-4FFE-91D0-F2534FD7775F}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{DBFBEAA2-E945-462E-99D6-2A6BED8333B1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{214B763B-4A5A-49D6-A24C-329632A16B4C}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{28042633-DE5B-47DD-B17C-EE5CC03B8A11}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{FD881BD6-87C1-4839-B7C3-EBFDD80A421E}] => (Allow) C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{CEBCF353-401B-4E69-8134-B30B6A0EC498}] => (Allow) C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{BAE8617A-33BD-4E96-B015-93F2D7571DE1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{0048D87C-D8C8-4A85-9267-E8BB52B42637}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{654B32F5-7FD5-41D8-8882-DFC25B29DD9D}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{1AD916F5-992A-4E72-8544-1755FB8DBBCE}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{A7F00BB6-1DFA-44A8-BF13-5407392C2E8A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{37642C87-343C-401A-9B3E-D8BEA813132C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{4E79B68F-5C0E-4F6D-829E-4905B025C9DE}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{DC74CD3B-B2B2-471B-BE56-FA3FDA77CE80}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [TCP Query User{8AC48E9E-650F-4605-A86E-8C49B7693527}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{6F031619-5645-4937-BEEA-4F1137F71656}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{CBD0DD36-DCAE-4325-A3BE-FF71F4B88457}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{9F858C26-7966-472F-A0CE-C331F0963B25}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{EC0759B9-1B45-431F-80CB-B09E712174D8}C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{8267D6D1-6F26-473E-8020-CC996F746528}C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe
FirewallRules: [{BFFE86CF-6D5C-4751-8ABE-0411CFD391FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D6A52EA-7B45-49C9-8AE0-B75FD55F1310}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5376A9E9-47F3-4C52-BA65-633C070937FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EDA6AF5D-AB9A-44EF-AA0B-52E14127EAAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88AD1242-1BA4-4C24-9544-935B79AAD5DB}] => (Allow) C:\Program Files (x86)\WB Games\Batman Arkham City\Binaries\Win32\BatmanAC.exe
FirewallRules: [{5DD28917-8672-4F9A-8593-6D86D09A46FC}] => (Allow) C:\Program Files (x86)\WB Games\Batman Arkham City\Binaries\Win32\BatmanAC.exe
FirewallRules: [TCP Query User{AFEF79B5-FE59-435D-BB5B-E42C27AD4807}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{1E4163F9-A7B3-40C4-8C7F-AD962E5B1655}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{BA360B98-9D2B-4FCA-87CF-D0E1B1CA3E7B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1340D14A-8A67-4DA2-BFCF-05B2FE2E9611}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{1559FB7A-0917-4ADD-906D-4C9CFEFC09B3}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [TCP Query User{0C0C4DD6-EB84-4657-B88D-6A1D1DA1F248}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [UDP Query User{02D2E0BB-7555-49FB-9224-94795B69F8A6}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [{6D61B2F8-76AB-4CB6-84C3-C29F1908C855}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E021CA1F-C5F4-48BE-A30E-34B0A2A2FA37}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{777C899A-DA65-4A37-A33E-917E21FD5C21}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{085D7CCD-29BD-4AD9-A658-5DE2D7359376}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E3D0C886-32BF-4CE7-AF36-B50B2BB650E7}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{9372DFB6-4C01-4A2D-851B-66C4B2A30205}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [TCP Query User{C19F8039-96C9-4B2F-BF66-90560287DA3B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{787401E0-2419-4569-9D58-09578316D99A}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{57828FB8-380D-407A-BBF7-6673BCD28F37}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{1BED526C-D126-462A-ABF8-59D3D999C4DA}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{B4F261B2-1F67-4239-B185-B92945C438B1}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{8891BE99-CA76-4CD7-AC7D-58D4D5371398}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [TCP Query User{9B9CC903-E650-495B-AEE8-1AD8973A42C4}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [UDP Query User{A03BC8BA-1836-42E5-8F69-5411B563D9D7}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [TCP Query User{41FD964E-3B64-451A-BD22-DBF4FA025D7E}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{F0AAD9A7-5669-4956-9651-001A61FA7793}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{59DC7481-7E9E-4849-B927-876152B50B9C}C:\users\markus meyer\appdata\local\temp\gw2.exe] => (Allow) C:\users\markus meyer\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{F72605AA-96D8-45D1-B2B9-05EAE6CDBDCA}C:\users\markus meyer\appdata\local\temp\gw2.exe] => (Allow) C:\users\markus meyer\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{5A7A298E-93CD-4C27-A88E-2CB5A78332A1}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{6A314685-7D09-4D4D-874F-4A64B0B38ACC}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{EE3C1445-E233-4791-9E77-12E16F59ABA1}C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C6EC8A71-30F2-468E-94E0-D5B834312670}C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{5A18065B-66EF-4D47-9791-92B82DEDF393}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DE4CC7AA-A7BF-4192-878D-F3EBA7A8F8BF}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{497B92D8-6095-4A82-A307-79AB2BE5E271}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{FACE1CF6-DB7D-43D1-ACAD-30828019D8D3}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{D06F80C3-EB7F-4E01-8918-5FA6E962E649}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{2C816BF1-BB21-40E5-BEB8-CD87F4D7A516}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{E31F6B4F-403A-423D-85FD-0A04D61E97E4}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{F876B077-12B5-4E94-91BC-2E954DF518A3}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{0313DBC1-AA42-4B39-A8F8-B6823AEE45A5}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{58AC3ABE-29DC-4078-8E72-1A1521F235D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A5DA3AE8-7AAF-45C7-8C24-83AA68D7BDF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4FE6699-1DD9-4F1A-B766-171E4C2D8705}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{343E8237-8325-4AFF-A23E-470FF0492759}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{4E189CAD-1E66-4AC1-BE7B-B5C4EB226EEF}] => (Allow) C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AB14F9AA-1301-40AD-8806-AC847D5986F7}] => (Allow) C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{F033DB60-F66C-443C-A293-665EBFEDCE7D}C:\program files (x86)\namco bandai games\darksouls\data.exe] => (Allow) C:\program files (x86)\namco bandai games\darksouls\data.exe
FirewallRules: [UDP Query User{7F8E7F6F-BB42-4C8A-B81F-98A2AED1ABAB}C:\program files (x86)\namco bandai games\darksouls\data.exe] => (Allow) C:\program files (x86)\namco bandai games\darksouls\data.exe
FirewallRules: [{E143C52B-D96B-4E24-8989-9CDCB2BDE846}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe
FirewallRules: [{74A07F70-2B21-4D95-BF7D-2F9F2752A0CE}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe
FirewallRules: [{C7F74B36-7799-4570-948D-71C23979F0DD}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{9D3E4F18-618E-4518-A696-F5B8DE0F1A7E}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{9170FBF6-D58E-46BF-9504-C0A627408F69}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2D119E35-288E-4758-A268-45D2C2D7D3F6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B5279D20-4D76-480B-B448-D78F676FA6DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{153EE1D0-65F6-4E52-8362-8542C1B2AD64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{4634ADFC-409F-454D-AECE-79C97E269C0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{4457760F-3149-4D8D-BBF0-91F4C38B1943}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{6D795773-6FD1-495E-8E08-C437AF8D82D7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A56DF3EF-769D-4643-9FA4-460F06B5FDE2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CCC2DA00-F924-46B7-9234-B9A37B5CB4BC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{49624E43-5681-42D6-8F66-EB737706839E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{11DC8B5E-FF9B-498D-AD8B-77B1FDEC9DA1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{48FAB60F-3FD1-45F5-B761-BBB6B0979611}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{DA5A3292-70E7-4213-9726-B852C098794D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FB60AC18-7FE9-4957-B2A0-31B0A3908746}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1EDE3350-460A-4CFB-9719-1B66303B8024}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{35FD096F-9322-41D8-A738-570306EE2075}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{D64FC538-8D36-4887-B8BE-4CF56AE0E501}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{302FC150-F02A-4031-B6F1-0F5E508F6C92}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{D43DF489-E33F-42AA-8B51-A4C01FF75659}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D2C9115C-5B78-4663-9631-D47DAC6FB42F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{A0102207-1838-45F5-92AF-686B3E0B855E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [TCP Query User{6FCECB98-F56E-4CA3-88FA-B4DDA8FC2756}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{CDB562B6-748F-474A-8EE3-2A85FCBACF65}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{42168896-D7FC-4BD0-9525-92C7A083A401}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{7DC8DD08-FA28-4CEE-9B02-41B1F0C6526E}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{145200F7-0DDA-4307-8A15-52C4230D98EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{549B94D0-198D-4C69-8995-2110233939D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3CA54E62-6204-4440-AB00-4D1F937BD2EF}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8A4E389A-6502-4B02-8782-51315DDD2192}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C1193093-E5E7-4D76-8056-C15DBDBF3704}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{C3D206C9-A873-4A3D-8EF0-69AB5E4401D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{87FDE8AA-C71F-4BE6-A257-8EBD9C391DC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{BBE422EC-77E4-434A-B6F9-7C46DF7C9B6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [TCP Query User{08D71451-4E3C-403F-92D2-A73FAA9EC6EE}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{44B9DA52-48B3-48B4-92AF-B48387C6A85E}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E17FC18D-799B-4CCA-8888-F0609FDBBA06}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{30A5A31F-EAD6-45EC-AD96-8B2CB5ABB9A1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{ED6FACF7-6DC9-4BF9-9863-0A0C2AA1D5B5}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{4F5638F6-62C1-40C6-8AC1-383D48829EB8}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{F9D649FD-765B-4962-AC90-D4223D473961}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{0352D893-BEC1-467C-922F-D318328BED67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{CB90298A-C4CF-41F7-993A-31DD7BA0FD05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{0D9318B1-DF5D-4F34-B708-2553081B8E5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{37342D0E-95B3-435F-97DC-969FF0093D03}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2015 08:47:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2015 08:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3fe
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3

Error: (07/19/2015 08:45:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458
Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458
Ausnahmecode: 0x40000015
Fehleroffset: 0x00057738
ID des fehlerhaften Prozesses: 0xa24
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3

Error: (07/19/2015 08:43:19 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/19/2015 08:43:19 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/19/2015 08:43:18 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/19/2015 08:43:13 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/19/2015 08:43:11 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/19/2015 08:43:10 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (07/19/2015 08:43:10 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC


System errors:
=============
Error: (07/20/2015 12:02:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 08:57:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/19/2015 08:54:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/19/2015 08:52:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (07/19/2015 08:47:21 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (07/19/2015 08:47:21 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80070002

Error: (07/19/2015 08:47:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/19/2015 08:47:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 2TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/19/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (07/19/2015 08:45:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 8139.86 MB
Available physical RAM: 4772 MB
Total Virtual: 16277.93 MB
Available Virtual: 12491.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:682.97 GB) (Free:164.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.37 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EAA2A155)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================
         
Schritt 3: GMER.txt
Ist als Anhang hinzugefügt, weil das die Zeichenanzahl überschreitet.

Ich habe jetzt noch nichts probiert, da ich in diesem Gebiet noch unerfahren bin.
Danke für jegliche Hilfe schon im voraus!

Markus

Alt 20.07.2015, 04:34   #2
M-K-D-B
/// TB-Ausbilder
 
atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. - Standard

atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Alle von dir genannten Prozesse sind legitim (und damit keine "Trojaner"), sofern sie sich im richtigen Verzeichnis befinden.

Wir überprüfen dennoch den Rechner.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________


Alt 21.07.2015, 21:16   #3
Mark_1295
 
atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. - Standard

atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.



Danke für die Hilfe bis jetzt!

Hab jetzt mal ComboFix drüberlaufen lassen und hier ist der Log:

Code:
ATTFilter
ComboFix 15-07-20.01 - Markus Meyer 21.07.2015  21:46:08.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8140.5750 [GMT 2:00]
ausgeführt von:: c:\users\Markus Meyer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\AlllCheapPriucee
c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.dat
c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.exe
c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.tlb
c:\program files (x86)\AlluCCheapPrice
c:\program files (x86)\AlluCCheapPrice\65Rbg6SAEBjYCu.dat
c:\program files (x86)\AlluCCheapPrice\65Rbg6SAEBjYCu.exe
c:\program files (x86)\AlluCCheapPrice\65Rbg6SAEBjYCu.tlb
c:\program files (x86)\AlluCheeaPPrIicee
c:\program files (x86)\AlluCheeaPPrIicee\j27VAg9iNNmHOo.dat
c:\program files (x86)\AlluCheeaPPrIicee\j27VAg9iNNmHOo.exe
c:\program files (x86)\AlluCheeaPPrIicee\j27VAg9iNNmHOo.tlb
c:\program files (x86)\AollCheaepPriice
c:\program files (x86)\AollCheaepPriice\QR7HLqEPB87Wyx.dat
c:\program files (x86)\AollCheaepPriice\QR7HLqEPB87Wyx.exe
c:\program files (x86)\AollCheaepPriice\QR7HLqEPB87Wyx.tlb
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\ack.end
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll_1
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\start
c:\program files (x86)\start\Start.dat
c:\programdata\2676599837052602665UL
c:\programdata\2676599837052602665UL\22d744506cad0c4c3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\2544e9905b19ed48ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\28d0b1947fe80791ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\35555c15a234937f3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\37a553f5bd0c8932ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\3f0327b152e6b712ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\4cc9484e5308b1bcebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\4dc887bcc29b26c6ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\509988526bee90c23a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\52f7a96b3ed86261ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\55a8e9c86128951febd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\58e0cfd5ceb309573a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\5ba3ff2d19c3f7823a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\638b22b38fe15e8cebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\6757e794ec36f69e3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\67c9553d6b57f65c3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\7766d983eaa2eed8ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\78429644664d31173a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\7d3a17969ee8d54eebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\880e4cb7292a1ce4ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\8c1e6cd4f6995a4d3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\906b6fb1d09c124b3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\94ab5725d9da5e7e3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\94d8a7fa1f91add83a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\98cd8fa88a3bac0a3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\9ae0d396fcdda3fd3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\a2a7943e65aa5d273a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\ab04ecb30c557b37ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\af0c9ff59bf040b63a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\af7d149721897c8aebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\beca2007fdd0d58a3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\c007a25cf45c47493a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\c964044650c9e4ef3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\c9cd1ae9d4a3d15eebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\d10de703829fe2d8ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\d1b1b8b13a226202ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\d20502567d1fd4083a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\d2c158d94d8265433a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\d43a473d94acb0b6ebd7a8ace77dcc39.ini
c:\programdata\2676599837052602665UL\eec8e69576387ef13a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\f2d1c1d6e6b29a363a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\f678e7392b0ab21f3a4228e33e5795cc.ini
c:\programdata\2676599837052602665UL\f7610c3afe2bbcd13a4228e33e5795cc.ini
c:\programdata\Assistant\Assistant.dll
c:\programdata\Assistant\AssistantSvc.dll
c:\programdata\BetterSoft\OptimizerPro
c:\programdata\BetterSoft\OptimizerPro\3036567561.ini
c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51decc363a48e.dll
c:\programdata\SearchNewTab\51decc363a48e.tlb
c:\programdata\SearchNewTab\data\SearchNewTab.dat
c:\programdata\SearchNewTab\settings.ini
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-21 bis 2015-07-21  ))))))))))))))))))))))))))))))
.
.
2015-07-21 20:03 . 2015-07-21 20:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-21 18:53 . 2015-07-21 18:53	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{269ED7B7-4451-4C90-A89A-25CF29466112}\offreg.148.dll
2015-07-21 18:21 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{269ED7B7-4451-4C90-A89A-25CF29466112}\mpengine.dll
2015-07-21 11:10 . 2015-07-21 11:10	--------	d-----w-	c:\program files (x86)\AlllCheapPricee
2015-07-21 11:09 . 2015-07-21 11:09	--------	d-----w-	c:\program files (x86)\AppJump App Launcher and Organizer
2015-07-20 22:41 . 2015-07-20 22:41	20	----a-w-	c:\users\Markus Meyer\AppData\Roaming\appdataFr2.bin
2015-07-20 14:31 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-20 01:11 . 2015-07-20 01:16	--------	d-----w-	C:\FRST
2015-07-17 14:37 . 2015-07-01 04:29	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3C56A-B7D2-4C90-8797-3EFA44386E52}\gapaengine.dll
2015-07-17 14:36 . 2015-07-17 14:36	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-07-17 14:33 . 2015-07-17 14:33	--------	d-----w-	c:\users\Markus Meyer\AppData\Roaming\Oracle
2015-07-17 14:32 . 2015-07-17 14:35	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-15 13:16 . 2015-07-17 14:48	--------	d-----w-	c:\programdata\Oracle
2015-07-15 13:10 . 2015-07-15 13:10	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2015-07-08 14:51 . 2015-07-08 14:51	--------	d-----w-	c:\program files (x86)\AllChheapPriceo
2015-07-08 14:50 . 2015-07-08 14:50	--------	d-----w-	c:\program files (x86)\Myibidder Auction Bid Sniper for eBay
2015-07-04 15:06 . 2015-07-04 15:08	--------	d-----w-	c:\users\Markus Meyer\AppData\Roaming\TEdit
2015-07-04 15:06 . 2015-07-04 15:06	--------	d-----w-	c:\users\Markus Meyer\AppData\Local\TEditXna
2015-07-03 21:42 . 2015-07-03 21:42	--------	d-----w-	c:\users\Markus Meyer\AppData\Local\CEF
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-21 11:09 . 2015-04-16 20:45	79	----a-w-	c:\program files (x86)\prefs.js
2015-07-15 01:17 . 2012-04-05 11:46	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 01:17 . 2011-08-20 19:20	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-14 09:44 . 2012-01-02 13:44	33856	---ha-w-	c:\windows\system32\hamachi.sys
2015-07-13 14:05 . 2015-04-25 16:20	968248	----a-w-	c:\users\ffmpegsumo.dll
2015-07-13 14:05 . 2015-04-25 16:20	79928	----a-w-	c:\users\libEGL.dll
2015-07-13 14:05 . 2015-04-25 16:20	73272	----a-w-	c:\users\wow_helper.exe
2015-07-13 14:05 . 2015-04-25 16:20	41287224	----a-w-	c:\users\libcef.dll
2015-07-13 14:05 . 2015-04-25 16:20	3457592	----a-w-	c:\users\d3dcompiler_47.dll
2015-07-13 14:05 . 2015-04-25 16:20	1488440	----a-w-	c:\users\libGLESv2.dll
2015-07-13 14:05 . 2015-04-25 16:20	2106424	----a-w-	c:\users\d3dcompiler_43.dll
2015-07-13 14:05 . 2015-04-25 16:20	2008632	----a-w-	c:\users\SpotifyWebHelper.exe
2015-07-13 14:05 . 2015-04-25 16:20	98360	----a-w-	c:\users\SpotifyLauncher.exe
2015-07-13 14:05 . 2015-04-25 16:20	838200	----a-w-	c:\users\SpotifyCrashService.exe
2015-07-13 14:05 . 2015-04-25 16:20	7334968	----a-w-	c:\users\Spotify.exe
2015-07-05 10:08 . 2010-11-21 03:27	300704	------w-	c:\windows\system32\MpSigStub.exe
2015-07-01 04:29 . 2012-06-14 15:48	1190000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-11 01:03 . 2011-08-22 21:59	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-06-01 19:16 . 2015-06-10 12:03	389840	----a-w-	c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 12:03	24917504	----a-w-	c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 12:02	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 12:02	155584	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-10 12:02	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-10 12:02	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 12:02	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 12:02	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 12:02	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 12:02	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 12:02	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 12:02	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 12:02	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 12:02	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 12:02	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 12:02	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 12:02	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 12:02	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 12:02	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 12:02	28160	----a-w-	c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 12:02	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 12:02	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 12:02	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 12:02	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 12:02	728576	----a-w-	c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 12:02	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 12:02	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-10 12:02	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 12:02	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 12:02	22016	----a-w-	c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 12:02	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 12:02	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 12:02	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 12:02	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 12:02	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 12:02	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 12:02	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 12:02	31232	----a-w-	c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 12:02	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 12:02	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 12:02	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 12:02	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 12:02	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 12:02	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 12:02	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 12:02	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 12:02	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 12:02	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 12:02	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 12:02	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 12:02	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 12:02	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 12:02	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 12:02	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 12:02	92160	----a-w-	c:\windows\SysWow64\sechost.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	151576	----a-w-	c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	151576	----a-w-	c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	151576	----a-w-	c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-16 2895552]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2015-07-19 41200]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"Spotify Web Helper"="c:\users\Markus Meyer\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-13 2008632]
"Spotify"="c:\users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe" [2015-07-13 7334968]
"Dropbox Update"="c:\users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-21 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2011-08-02 247136]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-30 1258504]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"PowerDVD14Agent"="c:\program files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" [2014-03-17 795672]
"cmsc"="c:\program files (x86)\cmcm\Clean Master\cmtray.exe" [2015-04-01 771912]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-07-14 5579624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 699fd52f;Assistant;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Jittery Application;Jittery Application;c:\program files (x86)\Jittery Application\0a9e7e87.ftf.ftf;c:\program files (x86)\Jittery Application\0a9e7e87.ftf.ftf [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Spotless Awareness;Spotless Awareness;c:\program files (x86)\Spotless Awareness\Spotless Awareness.exe;c:\program files (x86)\Spotless Awareness\Spotless Awareness.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Said505F;Said505F;c:\windows\system32\DRIVERS\Said505F.sys;c:\windows\SYSNATIVE\DRIVERS\Said505F.sys [x]
R3 SaiK0CD0;SaiK0CD0;c:\windows\system32\DRIVERS\SaiK0CD0.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CD0.sys [x]
R3 SaiU0CD0;SaiU0CD0;c:\windows\system32\DRIVERS\SaiU0CD0.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CD0.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg;c:\program files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [x]
S2 {C5F942FD-1110-4664-86CE-0C6BDA305235};Power Control [2014/08/31 14:38];c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cmcore;Clean Master Core Service;c:\program files (x86)\cmcm\Clean Master\cmcore.exe;c:\program files (x86)\cmcm\Clean Master\cmcore.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 SmdmFService;SmdmF Service;c:\program files (x86)\Assets Manager\smdmf\SmdmFService.exe;c:\program files (x86)\Assets Manager\smdmf\SmdmFService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-21 19:31	995144	----a-w-	c:\program files (x86)\Google\Chrome\Application\44.0.2403.89\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:17]
.
2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core.job
- c:\users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 16:35]
.
2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA.job
- c:\users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 16:35]
.
2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Runner.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Stats Report.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Update Checker.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-06-25 455680]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-06-25 158208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 442352]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Markus Meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - c:\users\Markus Meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
FF - ProfilePath - c:\users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\
FF - prefs.js: browser.search.selectedEngine - default-search.net
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-GinyasBrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-{5A1D3F9E-73B5-95EC-1233-6646E1358965} - c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f} - c:\progra~3\ASSIST~1\ASSIST~1.DLL
AddRemove-{ED3219B0-8C17-452A-AF77-FFF11F03FE50}_is1 - c:\users\Markus Meyer\AppData\Roaming\.minecraft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A9119622]
"ImagePath"="\??\c:\program files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Jittery Application]
"ImagePath"="\"c:\program files (x86)\Jittery Application\0a9e7e87.ftf.ftf\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{C5F942FD-1110-4664-86CE-0C6BDA305235}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1660394222-742470415-1346051432-1000\Software\SecuROM\License information*]
"datasecu"=hex:d5,34,6c,51,25,bb,45,45,00,a7,36,5c,84,28,c6,06,cd,91,8a,63,6d,
   93,0d,8f,09,2d,ee,d2,94,40,cc,64,ba,e4,e3,c7,88,48,89,53,72,22,38,0d,1f,31,\
"rkeysecu"=hex:36,65,ed,88,d2,96,8e,47,ee,76,91,9a,23,8d,6a,f4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-21  22:09:26
ComboFix-quarantined-files.txt  2015-07-21 20:09
.
Vor Suchlauf: 20 Verzeichnis(se), 175.236.415.488 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 174.879.289.344 Bytes frei
.
- - End Of File - - 88D5E8962F1DB76704C56E7A77028622
         

Danke nochmals,

Markus
__________________

Alt 22.07.2015, 04:42   #4
M-K-D-B
/// TB-Ausbilder
 
atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. - Standard

atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

Alt 26.07.2015, 08:36   #5
M-K-D-B
/// TB-Ausbilder
 
atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. - Standard

atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Antwort

Themen zu atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.
adware, bonjour, branding, browser, chromium, converter, cpu, excel, failed, firefox, firefox 39.0, flash player, google, home, homepage, launch, league of legends, mozilla, mp3, programm, prozesse, registry, rundll, scan, security, software, system, trojaner, udp, usb, warum




Ähnliche Themen: atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.


  1. Windows7: zu langsam - atiedxx.exe, csrss.exe und winlogon.exe
    Log-Analyse und Auswertung - 21.06.2015 (12)
  2. Langsamer Laptop atiedxx.exe, csrss.exe und winlogon.exe
    Log-Analyse und Auswertung - 05.03.2015 (11)
  3. Prozesse 2dpainting.exe;atieclxx.exe;csrss.exe und winlogon.exe verdächtig
    Plagegeister aller Art und deren Bekämpfung - 09.08.2014 (5)
  4. Virus (csrss.exe/winlogon.exe) nach mbr und normaler Formatierung immer noch da
    Log-Analyse und Auswertung - 19.05.2014 (7)
  5. csrss.exe, atiedxx.exe, winlogon.exe, ePowerEvent.exe - Dateipfad lässt sich nicht öffnen & kein Benutzer & keine Beschreibung
    Log-Analyse und Auswertung - 19.05.2014 (7)
  6. winlogon.exe und csrss.exe ---> Trojaner
    Log-Analyse und Auswertung - 30.10.2013 (3)
  7. Winlogon.exe & csrss.exe...Virus? Trojan (?)
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (22)
  8. tpnumlk.exe , csrss.exe , winlogon.exe ohne Benutzer und Beschreibung im Task-Manager (Win7)
    Plagegeister aller Art und deren Bekämpfung - 01.12.2011 (21)
  9. atiecixx.exe , csrss.exe , winlogon.exe ohne Benutzer und Beschreibung im Task-Manager (Win7)
    Plagegeister aller Art und deren Bekämpfung - 28.10.2011 (7)
  10. Prozesse csrss.exe, atiedxx.exe, winlogon; Computer langsam
    Log-Analyse und Auswertung - 21.08.2011 (5)
  11. Facebook-Virus?, *.JPG.scr geöffnet, Folge: winsvc.exe, csrss.exe, atiedxx.exe, winlogon.exe
    Log-Analyse und Auswertung - 16.08.2011 (2)
  12. Trojaner + csrss.exe & winlogon.exe ohne Beschreibung
    Plagegeister aller Art und deren Bekämpfung - 09.06.2011 (32)
  13. Csrss.exe Winlogon.exe Atieclxx.exe ohne zuweisung im Taskmanager
    Log-Analyse und Auswertung - 26.05.2011 (6)
  14. atiedxx,csrss sowie winlogon.exe ohne Dateipfad - Verseucht!
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (1)
  15. csrss.exe, atiedxx.exe, winlogon?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (7)
  16. winlogon.exe/csrss.exe ? jemand entscheidet was ich darf und was nicht..Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2010 (10)
  17. csrss/winlogon/rundll32 unter vista,HILFE
    Log-Analyse und Auswertung - 08.08.2008 (6)

Zum Thema atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. - Hallo erstmal! Ich habe soeben ein paar Prozesse von mir gegoogelt und bin darauf gestoßen, dass die Prozesse atiedxx.exe, csrss.exe und winlogon.exe Trojaner sind. Ich benutze Win7 und keinen Plan, - atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden....
Archiv
Du betrachtest: atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.