Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Trojanerfund durch Microsoft Security,extrem langsamer PC, Deaktivierung der Firewall (https://www.trojaner-board.de/160497-windows-7-trojanerfund-microsoft-security-extrem-langsamer-pc-deaktivierung-firewall.html)

Anchovi 10.11.2014 23:30
Noch bin ich ein bisschen wach ;)

Momentan hakt der Emisoft-Scan bei ca. 60 Prozent, schon eine geraume Zeit. Ist das normal?

deeprybka 10.11.2014 23:41
Warte mal ab...Wenn die Windows-Uhr stehen bleibt oder er ewig die gleiche Datei scannt, dann läuft wohl was schief.

Anchovi 11.11.2014 00:07
Alles klar. Habe neu gestartet, jetzt läuft er und scannt- zwar recht langsam, aber er scannt ;)

deeprybka 11.11.2014 00:09
Naja, was heißt langsam? Der befummelt jetzt jede einzelne Datei... :D

Anchovi 11.11.2014 10:06
So, hier jetzt die beiden von dir gewünschten Scans.
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 10.11.2014 23:19:57
Benutzerkonto: Hendrik-PC\Hendrik

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        10.11.2014 23:37:01

Gescannt        576009
Gefunden        0

Scan Ende:        11.11.2014 05:43:53
Scan Zeit:        6:06:52

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Hendrik (administrator) on HENDRIK-PC on 11-11-2014 09:59:35
Running from C:\Users\Hendrik\Desktop
Loaded Profiles: Hendrik & DefaultAppPool (Available profiles: Hendrik & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Join Air\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Join Air\UIExec.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Hendrik\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [Wiuhyfreyquwh] => "C:\Users\Hendrik\AppData\Roaming\Urmytiyf\ywwego.exe"
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\0j0h3k4m.default-1413030961018
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1724138799-3868663929-1243099489-1000: @torrentstream.net/tsplugin,version=1.0.6 -> C:\Users\Hendrik\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF Plugin ProgramFiles/Appdata: C:\Users\Hendrik\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Webmail Ad Blocker - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\0j0h3k4m.default-1413030961018\Extensions\gmailnoads@mywebber.com.xpi [2014-10-11]
FF Extension: Adblock Plus - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\0j0h3k4m.default-1413030961018\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-11]

Chrome:
=======
CHR HomePage: Default -> chrome://newtab
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Users\Hendrik\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in) - C:\Users\Hendrik\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Profile: C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16]
CHR Extension: (Google Drive) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16]
CHR Extension: (Google-Suche) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (TS Magic Player) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg [2014-04-26]
CHR Extension: (Google Mail) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-10] (Emsisoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-12-08] (Windows (R) Win 7 DDK provider)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider)
S1 brdzkxcp; \??\C:\Windows\system32\drivers\brdzkxcp.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 gucgznbc; \??\C:\Windows\system32\drivers\gucgznbc.sys [X]
S1 inqltdso; \??\C:\Windows\system32\drivers\inqltdso.sys [X]
S1 laaolckg; \??\C:\Windows\system32\drivers\laaolckg.sys [X]
S1 lxukkwfx; \??\C:\Windows\system32\drivers\lxukkwfx.sys [X]
S1 vngoazpn; \??\C:\Windows\system32\drivers\vngoazpn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 07:45 - 2014-11-11 07:45 - 00000934 _____ () C:\Users\Hendrik\Desktop\a2scan_141110-233701.txt
2014-11-10 23:16 - 2014-11-10 23:16 - 00000745 _____ () C:\Users\Hendrik\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-10 23:15 - 2014-11-10 23:17 - 00000000 ____D () C:\EEK
2014-11-10 23:12 - 2014-11-10 23:14 - 156056136 _____ () C:\Users\Hendrik\Desktop\EmsisoftEmergencyKit.exe
2014-11-10 22:44 - 2014-11-10 22:44 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Hendrik\Desktop\tdsskiller.exe
2014-11-10 22:19 - 2014-11-10 22:19 - 00061319 _____ () C:\Users\Hendrik\Desktop\ESETRovnixCleaner.exe_20141110.221918.6052.zip
2014-11-10 22:19 - 2014-11-10 22:19 - 00006510 _____ () C:\Users\Hendrik\Desktop\ESETRovnixCleaner.exe_20141110.221918.6052.log
2014-11-10 21:58 - 2014-11-10 22:19 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2014-11-10 21:58 - 2014-11-10 21:59 - 00007370 _____ () C:\Users\Hendrik\Downloads\ESETRovnixCleaner.exe_20141110.215848.8388.log
2014-11-10 21:58 - 2014-11-10 21:58 - 00064500 _____ () C:\Users\Hendrik\Downloads\ESETRovnixCleaner.exe_20141110.215848.8388.zip
2014-11-10 21:57 - 2014-11-10 21:57 - 00338120 _____ (ESET) C:\Users\Hendrik\Desktop\ESETRovnixCleaner.exe
2014-11-10 21:49 - 2014-11-11 10:00 - 00024950 _____ () C:\Users\Hendrik\Desktop\FRST.txt
2014-11-10 21:33 - 2014-11-10 21:35 - 02116096 _____ (Farbar) C:\Users\Hendrik\Desktop\FRST64(1).exe
2014-11-10 20:13 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-10 20:13 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-10 20:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-10 20:12 - 2014-11-10 21:29 - 00000000 ____D () C:\ComboFix
2014-11-10 20:10 - 2014-11-10 20:12 - 00000000 ____D () C:\Qoobox
2014-11-10 20:06 - 2014-11-10 21:18 - 00000000 ____D () C:\Windows\erdnt
2014-11-10 19:57 - 2014-11-10 19:58 - 05598341 ____R (Swearware) C:\Users\Hendrik\Desktop\ComboFix.exe
2014-11-10 19:47 - 2014-11-10 19:47 - 00000000 ____D () C:\OETemp
2014-11-10 19:41 - 2014-11-10 19:41 - 05598341 _____ (Swearware) C:\Users\Hendrik\Downloads\ComboFix(1).exe
2014-11-10 19:40 - 2014-11-10 19:41 - 05598341 _____ (Swearware) C:\Users\Hendrik\Downloads\ComboFix.exe
2014-11-10 18:58 - 2014-11-10 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Gyxyewlu
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Baexkir
2014-11-08 11:48 - 2014-11-08 11:48 - 00003834 _____ () C:\Windows\System32\Tasks\Security Center Update - 1783181859
2014-11-08 11:48 - 2014-11-08 11:48 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 279616795
2014-11-08 11:48 - 2014-11-08 11:48 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 3634134863
2014-11-08 11:47 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Vyyhxe
2014-11-07 16:38 - 2014-11-10 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-11-06 21:29 - 2014-11-06 21:43 - 00000000 ____D () C:\Users\Hendrik\Downloads\pictures (78)
2014-11-06 19:00 - 2014-11-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-06 18:59 - 2014-11-06 18:59 - 04583464 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hendrik\Downloads\avira_de_av___ws.exe
2014-11-06 18:41 - 2014-11-06 18:41 - 00380416 _____ () C:\Users\Hendrik\Desktop\Gmer-19357.exe
2014-11-06 18:34 - 2014-11-06 18:36 - 00041719 _____ () C:\Users\Hendrik\Downloads\Addition.txt
2014-11-06 18:31 - 2014-11-10 21:47 - 00063412 _____ () C:\Users\Hendrik\Downloads\FRST.txt
2014-11-06 18:30 - 2014-11-11 09:59 - 00000000 ____D () C:\FRST
2014-11-06 18:30 - 2014-11-06 18:30 - 02114560 _____ (Farbar) C:\Users\Hendrik\Downloads\FRST64.exe
2014-11-06 18:28 - 2014-11-06 18:29 - 00000476 _____ () C:\Users\Hendrik\Downloads\defogger_disable.log
2014-11-06 18:28 - 2014-11-06 18:28 - 00000000 _____ () C:\Users\Hendrik\defogger_reenable
2014-11-06 18:27 - 2014-11-06 18:27 - 00050477 _____ () C:\Users\Hendrik\Downloads\Defogger.exe
2014-11-06 16:25 - 2014-11-06 18:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 16:19 - 2014-11-06 16:19 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 16:19 - 2014-11-06 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-06 16:18 - 2014-11-06 16:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 16:18 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 16:18 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 16:18 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-06 16:16 - 2014-11-06 16:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hendrik\Downloads\mbam-setup-2.0.3.1025(2).exe
2014-11-06 16:00 - 2014-11-06 16:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hendrik\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-11-06 15:43 - 2014-11-06 15:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hendrik\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-06 12:02 - 2014-11-06 12:06 - 121435896 _____ (Microsoft Corporation) C:\Users\Hendrik\Downloads\msert(2).exe
2014-11-05 17:18 - 2014-11-05 17:18 - 01125200 _____ () C:\Users\Hendrik\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-05 16:42 - 2014-11-05 16:42 - 00896504 _____ (Microsoft Corporation) C:\Users\Hendrik\Downloads\mssstool64.exe
2014-11-04 22:47 - 2014-11-05 15:52 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Urmytiyf
2014-11-04 21:50 - 2014-11-06 13:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-04 17:44 - 2014-11-06 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-11-04 17:44 - 2014-11-06 15:30 - 00000000 ____D () C:\Program Files\Wondershare
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Wondershare
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ____D () C:\ProgramData\Wondershare
2014-11-04 17:43 - 2014-11-04 17:43 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-11-04 17:16 - 2014-11-04 17:16 - 00000000 ____D () C:\Users\Hendrik\Desktop\Media
2014-11-04 17:07 - 2014-11-05 16:09 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2014-11-04 10:42 - 2014-11-04 10:47 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\WindSolutions
2014-11-04 10:42 - 2014-11-04 10:46 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-11-04 00:08 - 2014-11-04 00:08 - 00000000 ____D () C:\Users\Hendrik\.android
2014-11-03 23:53 - 2014-11-04 00:05 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-02 00:42 - 2014-11-02 00:43 - 107254738 _____ () C:\Users\Hendrik\Documents\clip0918.avi
2014-11-01 12:32 - 2014-11-01 12:32 - 04078544 _____ (iMobie Inc. ) C:\Users\Hendrik\Downloads\phonerescue-setup.exe
2014-10-30 22:34 - 2014-10-30 22:36 - 00000000 ____D () C:\Users\Hendrik\Downloads\pictures (21)
2014-10-29 15:01 - 2014-10-29 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-29 14:06 - 2014-10-29 14:06 - 00002192 _____ () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-10-29 14:05 - 2014-10-29 14:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-27 17:43 - 2014-10-27 17:43 - 00002170 _____ () C:\Users\Hendrik\.recently-used.xbel
2014-10-27 00:15 - 2014-10-27 00:16 - 118253116 _____ () C:\Users\Hendrik\Documents\clip0917.avi
2014-10-26 23:50 - 2014-10-26 23:52 - 195895978 _____ () C:\Users\Hendrik\Documents\clip0916.avi
2014-10-25 23:09 - 2014-10-25 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-24 23:21 - 2014-10-24 23:21 - 25336014 _____ () C:\Users\Hendrik\Documents\clip0915.avi
2014-10-24 23:13 - 2014-10-24 23:13 - 06658282 _____ () C:\Users\Hendrik\Documents\clip0914.avi
2014-10-21 15:36 - 2014-10-21 15:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-21 15:36 - 2014-10-21 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-21 15:35 - 2014-10-21 15:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-21 15:35 - 2014-10-21 15:36 - 00000000 ____D () C:\Program Files\iTunes
2014-10-21 15:35 - 2014-10-21 15:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-21 15:35 - 2014-10-21 15:35 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 13:47 - 2014-10-21 13:47 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\pdfforge
2014-10-20 11:42 - 2014-10-20 11:42 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Oracle
2014-10-20 11:24 - 2014-10-20 11:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 11:23 - 2014-10-20 11:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 11:23 - 2014-10-20 11:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 11:23 - 2014-10-20 11:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 11:23 - 2014-10-20 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 00:40 - 2014-10-20 01:10 - 2638644386 _____ () C:\Users\Hendrik\Documents\clip0913.avi
2014-10-19 18:19 - 2014-10-19 18:19 - 00613203 _____ () C:\Users\Hendrik\Downloads\Plain Cloud_1.0(1).zip
2014-10-19 17:50 - 2014-10-19 17:50 - 00613203 _____ () C:\Users\Hendrik\Downloads\Plain Cloud_1.0.zip
2014-10-19 17:18 - 2014-10-19 17:18 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Python
2014-10-19 17:18 - 2014-10-19 17:18 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\ActiveState
2014-10-19 17:10 - 2014-10-19 18:05 - 00000000 ____D () C:\Users\Hendrik\Downloads\Whatsapp_Xtract_V2.2_2012-11-17
2014-10-19 15:38 - 2014-11-04 23:21 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Apple Inc
2014-10-15 21:36 - 2014-10-15 21:36 - 00144627 _____ () C:\Users\Hendrik\Downloads\NB SB.aac
2014-10-15 10:55 - 2014-10-15 10:55 - 00000000 ____H () C:\Users\Hendrik\Desktop\~WRL0254.tmp
2014-10-15 10:53 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 10:53 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 10:53 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 10:53 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 10:52 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 10:52 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 10:52 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 10:52 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 10:52 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 10:52 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 10:52 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 10:52 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 10:52 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 10:52 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 10:52 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 10:52 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 10:52 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 10:52 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 10:52 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 10:52 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 10:52 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 10:52 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 10:52 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 10:52 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 10:52 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 10:52 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 10:52 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 10:52 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 10:52 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 10:52 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 10:52 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 10:52 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 10:52 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 10:52 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 10:52 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 10:52 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 10:51 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 10:51 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 10:50 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 10:50 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 10:50 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 10:50 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 10:50 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 10:50 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 10:50 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 10:50 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 10:50 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 10:50 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 10:50 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 10:50 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 10:50 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 10:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 10:50 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 10:50 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 10:50 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 10:50 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 10:50 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 10:50 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 10:50 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 10:50 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 10:50 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 10:50 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 10:50 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 10:50 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 10:50 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 10:50 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 10:50 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 10:50 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 10:50 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 10:50 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 10:50 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 10:50 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 10:50 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 10:50 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 10:50 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 10:50 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 10:50 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 10:50 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 10:50 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 10:50 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 10:50 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 10:50 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 10:50 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 10:50 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 10:50 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 10:50 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 10:50 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 10:50 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 10:50 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 10:50 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 10:50 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 10:50 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 10:50 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 10:50 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 10:50 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 10:49 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 10:49 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 10:48 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 10:48 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 10:48 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 10:48 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 10:48 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 10:48 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 10:48 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 10:48 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 10:48 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 10:46 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 10:46 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 10:46 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 10:46 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll


==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 09:54 - 2009-07-14 05:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 09:54 - 2009-07-14 05:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 09:51 - 2012-02-20 09:59 - 00000000 ___HD () C:\ASUS.DAT
2014-11-11 09:51 - 2011-11-18 22:11 - 01081600 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 09:50 - 2012-04-12 17:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 09:50 - 2012-04-12 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 09:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 09:44 - 2014-01-03 20:01 - 00040939 _____ () C:\Windows\setupact.log
2014-11-11 07:08 - 2013-10-16 10:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 21:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-10 21:03 - 2014-02-15 20:18 - 00299502 _____ () C:\Windows\PFRO.log
2014-11-10 20:44 - 2011-11-18 22:28 - 00000000 ____D () C:\ProgramData\Temp
2014-11-10 19:51 - 2012-05-02 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 19:49 - 2013-01-12 14:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-10 19:21 - 2013-01-28 17:23 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{40B698CB-62BD-4EE1-A271-0656D24B8F85}
2014-11-07 15:03 - 2013-12-08 21:30 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-11-06 21:56 - 2013-10-19 22:00 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\vlc
2014-11-06 20:11 - 2011-11-18 22:28 - 00001860 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-06 18:28 - 2012-02-20 09:58 - 00000000 ____D () C:\Users\Hendrik
2014-11-06 15:38 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-06 15:31 - 2014-08-15 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2014-11-06 15:31 - 2014-08-15 16:39 - 00000000 ____D () C:\Program Files (x86)\iMobie
2014-11-05 15:55 - 2012-02-20 10:27 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Apple Computer
2014-11-04 17:58 - 2014-01-28 14:11 - 00000000 ____D () C:\Users\Hendrik\Desktop\sortieren
2014-11-04 17:07 - 2012-02-20 10:15 - 00000000 ____D () C:\Users\Hendrik\Desktop\Programme
2014-11-04 10:10 - 2013-03-18 12:04 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\uTorrent
2014-11-03 14:08 - 2012-02-20 09:59 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-11-02 11:26 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-01 12:33 - 2014-08-15 16:39 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\iMobie
2014-11-01 12:33 - 2014-08-15 16:39 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\iMobie_Inc
2014-10-30 12:25 - 2012-04-27 08:56 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 18:46 - 2014-10-06 11:03 - 00000000 ____D () C:\Users\Hendrik\Desktop\Bewerbungen Verena
2014-10-29 15:13 - 2012-02-20 11:41 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Skype
2014-10-29 15:02 - 2012-02-20 11:41 - 00000000 ____D () C:\ProgramData\Skype
2014-10-29 15:01 - 2014-08-11 20:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-29 13:48 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Adobe
2014-10-29 13:47 - 2013-10-16 10:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-29 13:47 - 2013-10-16 10:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-29 13:47 - 2013-10-16 10:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-27 17:46 - 2012-04-12 15:48 - 00000000 ____D () C:\Users\Hendrik\.gimp-2.6
2014-10-27 12:07 - 2011-02-19 10:08 - 00745910 _____ () C:\Windows\system32\perfh007.dat
2014-10-27 12:07 - 2011-02-19 10:08 - 00162816 _____ () C:\Windows\system32\perfc007.dat
2014-10-27 12:07 - 2009-07-14 06:13 - 01732678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-25 23:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-25 23:09 - 2012-03-14 13:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-24 11:45 - 2012-04-12 17:11 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 11:45 - 2012-04-12 17:11 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 11:07 - 2014-06-10 18:44 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\7-PDFSplitMerge
2014-10-22 08:02 - 2012-11-20 10:20 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-22 07:59 - 2013-11-20 16:47 - 00000000 ____D () C:\ProgramData\MAGIX
2014-10-21 19:03 - 2012-02-20 10:27 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Apple Computer
2014-10-21 15:35 - 2014-09-10 23:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-20 11:24 - 2013-10-19 11:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 11:23 - 2012-02-22 16:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 10:54 - 2009-07-14 05:45 - 00518968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 17:25 - 2012-02-20 09:59 - 00160264 _____ () C:\Users\Hendrik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 15:56 - 2013-12-17 15:19 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\C24C21DE-B653-4E21-81BE-22AF552FB2ED.aplzod
2014-10-19 15:53 - 2012-03-17 13:25 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Microsoft Help
2014-10-17 17:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 00:16 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-15 22:29 - 2013-01-09 22:52 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-10-15 22:29 - 2012-02-22 13:47 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\DVDVideoSoft
2014-10-15 22:27 - 2012-02-22 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-15 17:33 - 2014-05-06 23:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 17:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 17:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 17:01 - 2012-03-17 13:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 16:47 - 2013-08-19 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:38 - 2012-10-20 09:57 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Windows Live
2014-10-15 16:19 - 2012-02-21 18:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 14:23

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Hendrik at 2014-11-11 10:01:27
Running from C:\Users\Hendrik\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-PDF Split & Merge Version 2.1.0 (Build 128) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.1.0 (Build 128) - 7-PDF, Germany - Thorsten Hodes)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo StartUp Tuner 2.00 (HKLM-x32\...\Ashampoo StartUp Tuner 2_is1) (Version: 2.0.0 - ashampoo GmbH & Co. KG)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.14 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0007 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Audiodope 0.24 (HKLM-x32\...\Audiodope_is1) (Version:  - Audiodope Team)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Cinergy T USB XE V6.11.23.01 (HKLM-x32\...\Cinergy T USB XE) (Version: 6.11.23.01 - )
Cinergy T-Stick V8.08.18.01 (HKLM-x32\...\Cinergy T-Stick) (Version: 8.08.18.01 - )
ClipGrab 3.4.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
Diercke Globus Online (HKLM-x32\...\Diercke Globus Online) (Version: 3.1.0 - Imagon GmbH)
Dropbox (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Dropbox) (Version: 2.10.29 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Filedrop version 1.1.4 (HKLM-x32\...\{3A309583-1B4A-4C90-85EA-124EB8DB331A}_is1) (Version: 1.1.4 - Filedrop)
Folienviewer2 (HKLM-x32\...\Folienviewer2) (Version: 1.01 - Imagon GmbH)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to iPod Converter version 3.10.37.1212 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.10.37.1212 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iExplorer 2.2.1.3 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant, LLC)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManyCam 3.0.80 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.80 - ManyCam LLC)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version:  - )
Notebook Interactive Viewer (HKLM-x32\...\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}) (Version: 9.5.126.5 - SMART Technologies Inc.)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Opera Stable 18.0.1284.63 (HKLM-x32\...\Opera 18.0.1284.63) (Version: 18.0.1284.63 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)
PC-WELT-TuneUpSuite 1.0 (HKLM-x32\...\{36B01464-5050-4492-BAA3-46E62551EEAB}_is1) (Version:  - IDG Magazine Media GmbH)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Politik transparent (HKLM-x32\...\{B8591E60-8A0E-43F9-A82D-7EAE368A8BBC}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6373 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.8 - ASUS)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.0.1 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24482 - TeamViewer)
Torrent Stream 1.0.6 (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\TorrentStream) (Version: 1.0.6 - Torrent Stream)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-11-2014 21:28:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-10 21:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DCC669E-305D-4490-A22A-DACF8ACDA332} - System32\Tasks\{2538AA23-41A8-46F9-A9B8-1600A487A194} => E:\Launch.exe
Task: {175D2B5D-9282-4DAB-AFE5-11C45F41FFB4} - System32\Tasks\Security Center Update - 1783181859 => C:\Users\Hendrik\AppData\Roaming\Gyxyewlu\useruw.exe <==== ATTENTION
Task: {3B213F98-6641-44F4-8CB8-1F4564F105BF} - System32\Tasks\Security Center Update - 279616795 => C:\Users\Hendrik\AppData\Roaming\Baexkir\ybibeq.exe <==== ATTENTION
Task: {43C8FC67-FE7A-400D-B176-A7BA5670AAC8} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {4BD9B6A0-BF11-446B-8759-2ED56E4BF34D} - System32\Tasks\{86C211C5-1FA9-4FB3-AC24-7E9E7FB67409} => E:\Install.exe
Task: {4FEAFF65-7EAC-4AB6-B595-81CE32212A34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {5379F8D5-FD26-45BD-9BA2-807F743E5F9D} - \Security Center Update - 2964684536 No Task File <==== ATTENTION
Task: {5BCFBD93-1AF7-436D-A7B4-93DA8DB9ACE8} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-06-01] (ASUS)
Task: {607DF730-0AA8-4FC8-B700-0BA42F63D2F0} - System32\Tasks\Security Center Update - 3634134863 => C:\Users\Hendrik\AppData\Roaming\Vyyhxe\xunoik.exe <==== ATTENTION
Task: {74A6AE27-5B37-403C-90E2-F82BD52EFD7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {823355DA-B080-4C2E-8E9F-D7DF9F5AE4EF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {845121B3-024E-43FD-9DDA-813E16664F90} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {88A197AC-BAAA-491A-BB7B-74B5901A114B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-29] (Adobe Systems Incorporated)
Task: {A117D9B8-4DD6-41F5-8DF6-9B965A73444A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {B55C227F-8780-44C4-A6F6-D10F1B3D2A77} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-01-24] ()
Task: {C1376A8C-6329-4AB1-A91F-09D10534B1E5} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C5263A43-5637-4F45-A703-1D997E5E657A} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {C86F9397-3A3B-42CA-8E8D-09C4EC4F269B} - System32\Tasks\{5E595A7B-3F2A-4C14-AE3D-C733F9915D0E} => E:\Launch.exe
Task: {DDEE7187-E174-496B-9B6A-6A10147BE6C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-11 15:29 - 2009-08-31 10:43 - 00241664 _____ () C:\Program Files (x86)\Join Air\AssistantServices.exe
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-01-24 19:55 - 2011-01-24 19:55 - 00541696 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-09-06 04:29 - 2011-05-24 01:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-11 15:29 - 2009-08-31 10:43 - 00132608 _____ () C:\Program Files (x86)\Join Air\UIExec.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 15:33 - 2011-08-31 15:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2011-05-30 22:48 - 2011-05-30 22:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-06-10 19:49 - 2011-06-10 19:49 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-11-10 18:59 - 2014-11-10 19:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\Join Air\UIExec.exe"
MSCONFIG\startupreg: Wisdom-soft AutoScreenRecorder 3.1 Free => 0

========================= Accounts: ==========================

Administrator (S-1-5-21-1724138799-3868663929-1243099489-500 - Administrator - Disabled)
Gast (S-1-5-21-1724138799-3868663929-1243099489-501 - Limited - Disabled)
Hendrik (S-1-5-21-1724138799-3868663929-1243099489-1000 - Administrator - Enabled) => C:\Users\Hendrik
HomeGroupUser$ (S-1-5-21-1724138799-3868663929-1243099489-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 09:49:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x1dd8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/10/2014 09:16:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00000000000731cb
ID des fehlerhaften Prozesses: 0x1a90
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/10/2014 08:15:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80042306).

Error: (11/10/2014 08:15:15 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{f1f23644-1228-11e1-9c08-806e6f6e6963} - 0000000000000144,0x0053c06c,00000000002503D0,0,000000000013ED60,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/10/2014 08:15:01 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{f1f23644-1228-11e1-9c08-806e6f6e6963} - 0000000000000104,0x0053c06c,000000000013E570,0,000000000013D560,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/10/2014 08:14:47 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{f1f23644-1228-11e1-9c08-806e6f6e6963} - 0000000000000184,0x0053c06c,000000000013E570,0,000000000013D560,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/10/2014 08:14:31 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{f1f23644-1228-11e1-9c08-806e6f6e6963} - 000000000000018C,0x0053c06c,000000000013E570,0,000000000013D560,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/10/2014 08:14:18 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{f1f23644-1228-11e1-9c08-806e6f6e6963} - 0000000000000144,0x0053c06c,000000000013DD70,0,000000000013CD60,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (11/10/2014 07:27:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004847e
ID des fehlerhaften Prozesses: 0x27d0
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3

Error: (11/10/2014 07:27:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004847e
ID des fehlerhaften Prozesses: 0x210c
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3


System errors:
=============
Error: (11/11/2014 09:45:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058

Error: (11/11/2014 09:45:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/10/2014 10:23:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (11/10/2014 10:21:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (11/10/2014 10:15:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058

Error: (11/10/2014 10:14:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/10/2014 10:11:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (11/10/2014 10:09:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (11/10/2014 10:03:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058

Error: (11/10/2014 10:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (08/26/2014 04:52:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1784 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (04/06/2014 05:25:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2014 07:27:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/16/2013 04:00:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1650 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/25/2012 03:45:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 904 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-11-10 20:52:24.253
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-10 20:52:24.211
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-26 10:55:36.047
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-26 10:55:35.965
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 47%
Total physical RAM: 4008.17 MB
Available physical RAM: 2101.68 MB
Total Pagefile: 8014.52 MB
Available Pagefile: 6003.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:11.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:22.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 496B9619)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka 11.11.2014 12:22
Hi...Wie gehts, wie stehts? ;)

Wie läuft der Rechner nach den folgenden Schritten:

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [Wiuhyfreyquwh] => "C:\Users\Hendrik\AppData\Roaming\Urmytiyf\ywwego.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S1 brdzkxcp; \??\C:\Windows\system32\drivers\brdzkxcp.sys [X]
S1 gucgznbc; \??\C:\Windows\system32\drivers\gucgznbc.sys [X]
S1 inqltdso; \??\C:\Windows\system32\drivers\inqltdso.sys [X]
S1 laaolckg; \??\C:\Windows\system32\drivers\laaolckg.sys [X]
S1 lxukkwfx; \??\C:\Windows\system32\drivers\lxukkwfx.sys [X]
S1 vngoazpn; \??\C:\Windows\system32\drivers\vngoazpn.sys [X]
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Gyxyewlu
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Baexkir
2014-11-08 11:48 - 2014-11-08 11:48 - 00003834 _____ () C:\Windows\System32\Tasks\Security Center Update - 1783181859
2014-11-08 11:48 - 2014-11-08 11:48 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 279616795
2014-11-08 11:48 - 2014-11-08 11:48 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 3634134863
2014-11-08 11:47 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Vyyhxe
2014-11-04 22:47 - 2014-11-05 15:52 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Urmytiyf
2014-11-04 21:50 - 2014-11-06 13:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
File: C:\Windows\SysWOW64\acovcnt.exe
Task: {175D2B5D-9282-4DAB-AFE5-11C45F41FFB4} - System32\Tasks\Security Center Update - 1783181859 => C:\Users\Hendrik\AppData\Roaming\Gyxyewlu\useruw.exe <==== ATTENTION
Task: {3B213F98-6641-44F4-8CB8-1F4564F105BF} - System32\Tasks\Security Center Update - 279616795 => C:\Users\Hendrik\AppData\Roaming\Baexkir\ybibeq.exe <==== ATTENTION
Task: {5379F8D5-FD26-45BD-9BA2-807F743E5F9D} - \Security Center Update - 2964684536 No Task File <==== ATTENTION
Task: {607DF730-0AA8-4FC8-B700-0BA42F63D2F0} - System32\Tasks\Security Center Update - 3634134863 => C:\Users\Hendrik\AppData\Roaming\Vyyhxe\xunoik.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
EmptyTemp:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2


Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version
Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4
Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.




Schritt 5

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Anchovi 11.11.2014 14:21
Hi!

Der Rechner läuft wieder sehr gut, auch mein Microsoft Security Essential meldet nach einem Schnellscan keinerlei Schadprogramme mehr. Habe aber jetzt dennoch Schritt 1 gestartet. Sollte ich die von dir beschriebenen Schritte dennoch durchführen?

LG Anchovi

Schritt 1:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Hendrik at 2014-11-11 13:56:38 Run:1
Running from C:\Users\Hendrik\Desktop\FRST
Loaded Profiles: Hendrik & DefaultAppPool (Available profiles: Hendrik & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [Wiuhyfreyquwh] => "C:\Users\Hendrik\AppData\Roaming\Urmytiyf\ywwego.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S1 brdzkxcp; \??\C:\Windows\system32\drivers\brdzkxcp.sys [X]
S1 gucgznbc; \??\C:\Windows\system32\drivers\gucgznbc.sys [X]
S1 inqltdso; \??\C:\Windows\system32\drivers\inqltdso.sys [X]
S1 laaolckg; \??\C:\Windows\system32\drivers\laaolckg.sys [X]
S1 lxukkwfx; \??\C:\Windows\system32\drivers\lxukkwfx.sys [X]
S1 vngoazpn; \??\C:\Windows\system32\drivers\vngoazpn.sys [X]
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Gyxyewlu
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Baexkir
2014-11-08 11:48 - 2014-11-08 11:48 - 00003834 _____ () C:\Windows\System32\Tasks\Security Center Update - 1783181859
2014-11-08 11:48 - 2014-11-08 11:48 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 279616795
2014-11-08 11:48 - 2014-11-08 11:48 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 3634134863
2014-11-08 11:47 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Vyyhxe
2014-11-04 22:47 - 2014-11-05 15:52 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Urmytiyf
2014-11-04 21:50 - 2014-11-06 13:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
File: C:\Windows\SysWOW64\acovcnt.exe
Task: {175D2B5D-9282-4DAB-AFE5-11C45F41FFB4} - System32\Tasks\Security Center Update - 1783181859 => C:\Users\Hendrik\AppData\Roaming\Gyxyewlu\useruw.exe <==== ATTENTION
Task: {3B213F98-6641-44F4-8CB8-1F4564F105BF} - System32\Tasks\Security Center Update - 279616795 => C:\Users\Hendrik\AppData\Roaming\Baexkir\ybibeq.exe <==== ATTENTION
Task: {5379F8D5-FD26-45BD-9BA2-807F743E5F9D} - \Security Center Update - 2964684536 No Task File <==== ATTENTION
Task: {607DF730-0AA8-4FC8-B700-0BA42F63D2F0} - System32\Tasks\Security Center Update - 3634134863 => C:\Users\Hendrik\AppData\Roaming\Vyyhxe\xunoik.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wiuhyfreyquwh => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
brdzkxcp => Service deleted successfully.
gucgznbc => Service deleted successfully.
inqltdso => Service deleted successfully.
laaolckg => Service deleted successfully.
lxukkwfx => Service deleted successfully.
vngoazpn => Service deleted successfully.
C:\Users\Hendrik\AppData\Roaming\Gyxyewlu => Moved successfully.
C:\Users\Hendrik\AppData\Roaming\Baexkir => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 1783181859 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 279616795 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 3634134863 => Moved successfully.
C:\Users\Hendrik\AppData\Roaming\Vyyhxe => Moved successfully.
C:\Users\Hendrik\AppData\Roaming\Urmytiyf => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.

========================= File: C:\Windows\SysWOW64\acovcnt.exe ========================

MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C
Creation and modification date: 2012-02-20 09:59 - 2014-11-03 14:08
Size: 0045056
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{175D2B5D-9282-4DAB-AFE5-11C45F41FFB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175D2B5D-9282-4DAB-AFE5-11C45F41FFB4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1783181859 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1783181859" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B213F98-6641-44F4-8CB8-1F4564F105BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B213F98-6641-44F4-8CB8-1F4564F105BF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 279616795 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 279616795" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5379F8D5-FD26-45BD-9BA2-807F743E5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5379F8D5-FD26-45BD-9BA2-807F743E5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2964684536" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{607DF730-0AA8-4FC8-B700-0BA42F63D2F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{607DF730-0AA8-4FC8-B700-0BA42F63D2F0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3634134863 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3634134863" => Key deleted successfully.
C:\ProgramData\Temp => ":3E7393FC" ADS removed successfully.
C:\ProgramData\Temp => ":D20FFA63" ADS removed successfully.
EmptyTemp: => Removed 2.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Schritt 1:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Hendrik at 2014-11-11 13:56:38 Run:1
Running from C:\Users\Hendrik\Desktop\FRST
Loaded Profiles: Hendrik & DefaultAppPool (Available profiles: Hendrik & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [Wiuhyfreyquwh] => "C:\Users\Hendrik\AppData\Roaming\Urmytiyf\ywwego.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S1 brdzkxcp; \??\C:\Windows\system32\drivers\brdzkxcp.sys [X]
S1 gucgznbc; \??\C:\Windows\system32\drivers\gucgznbc.sys [X]
S1 inqltdso; \??\C:\Windows\system32\drivers\inqltdso.sys [X]
S1 laaolckg; \??\C:\Windows\system32\drivers\laaolckg.sys [X]
S1 lxukkwfx; \??\C:\Windows\system32\drivers\lxukkwfx.sys [X]
S1 vngoazpn; \??\C:\Windows\system32\drivers\vngoazpn.sys [X]
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Gyxyewlu
2014-11-08 11:48 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Baexkir
2014-11-08 11:48 - 2014-11-08 11:48 - 00003834 _____ () C:\Windows\System32\Tasks\Security Center Update - 1783181859
2014-11-08 11:48 - 2014-11-08 11:48 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 279616795
2014-11-08 11:48 - 2014-11-08 11:48 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 3634134863
2014-11-08 11:47 - 2014-11-08 13:38 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Vyyhxe
2014-11-04 22:47 - 2014-11-05 15:52 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Urmytiyf
2014-11-04 21:50 - 2014-11-06 13:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
File: C:\Windows\SysWOW64\acovcnt.exe
Task: {175D2B5D-9282-4DAB-AFE5-11C45F41FFB4} - System32\Tasks\Security Center Update - 1783181859 => C:\Users\Hendrik\AppData\Roaming\Gyxyewlu\useruw.exe <==== ATTENTION
Task: {3B213F98-6641-44F4-8CB8-1F4564F105BF} - System32\Tasks\Security Center Update - 279616795 => C:\Users\Hendrik\AppData\Roaming\Baexkir\ybibeq.exe <==== ATTENTION
Task: {5379F8D5-FD26-45BD-9BA2-807F743E5F9D} - \Security Center Update - 2964684536 No Task File <==== ATTENTION
Task: {607DF730-0AA8-4FC8-B700-0BA42F63D2F0} - System32\Tasks\Security Center Update - 3634134863 => C:\Users\Hendrik\AppData\Roaming\Vyyhxe\xunoik.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:3E7393FC
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wiuhyfreyquwh => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
brdzkxcp => Service deleted successfully.
gucgznbc => Service deleted successfully.
inqltdso => Service deleted successfully.
laaolckg => Service deleted successfully.
lxukkwfx => Service deleted successfully.
vngoazpn => Service deleted successfully.
C:\Users\Hendrik\AppData\Roaming\Gyxyewlu => Moved successfully.
C:\Users\Hendrik\AppData\Roaming\Baexkir => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 1783181859 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 279616795 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 3634134863 => Moved successfully.
C:\Users\Hendrik\AppData\Roaming\Vyyhxe => Moved successfully.
C:\Users\Hendrik\AppData\Roaming\Urmytiyf => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.

========================= File: C:\Windows\SysWOW64\acovcnt.exe ========================

MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C
Creation and modification date: 2012-02-20 09:59 - 2014-11-03 14:08
Size: 0045056
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{175D2B5D-9282-4DAB-AFE5-11C45F41FFB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175D2B5D-9282-4DAB-AFE5-11C45F41FFB4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1783181859 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1783181859" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B213F98-6641-44F4-8CB8-1F4564F105BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B213F98-6641-44F4-8CB8-1F4564F105BF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 279616795 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 279616795" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5379F8D5-FD26-45BD-9BA2-807F743E5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5379F8D5-FD26-45BD-9BA2-807F743E5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2964684536" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{607DF730-0AA8-4FC8-B700-0BA42F63D2F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{607DF730-0AA8-4FC8-B700-0BA42F63D2F0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3634134863 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3634134863" => Key deleted successfully.
C:\ProgramData\Temp => ":3E7393FC" ADS removed successfully.
C:\ProgramData\Temp => ":D20FFA63" ADS removed successfully.
EmptyTemp: => Removed 2.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

deeprybka 11.11.2014 14:43
Ja... Bitte alle Schritte, die sind wichtig.

Anchovi 11.11.2014 16:12
Alles klar, wird gemacht. ESET hat in den vorläufigen Suchergebnissen einen "Win32/TrojanDownloader.Wauchos.AK" Trojaner gefunden, das nur vorab, Ich lasse den Scan weiter durchlaufen und poste dann die gewünschten logs.

deeprybka 11.11.2014 16:28
Vor ESET kommt doch aber HitmanPro oder? ;)

Anchovi 11.11.2014 16:34
Ja, stimmt ;) Hab ich auch gemacht, aber wollte alle logs auf einmal posten.

Hier schonmal das log von Hitman Pro:

Code:

       
Code:

       
HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : HENDRIK-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Hendrik-PC\Hendrik
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-11-11 14:23:20
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 20m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 75

   Objects scanned . . . : 2.567.218
   Files scanned . . . . : 245.080
   Remnants scanned  . . : 955.306 files / 1.366.832 keys

Suspicious files ____________________________________________________________

   C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
      Size . . . . . . . : 2.116.096 bytes
      Age  . . . . . . . : 0.7 days (2014-11-10 21:33:35)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9D17E46B4EAEC0509800C43B23765D00810EA2CEF362301BFB2E0B174DFE5AFD
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe
          0.0s C:\Users\Hendrik\Desktop\FRST\FRST64(1).exe

   C:\Users\Hendrik\Downloads\FRST64.exe
      Size . . . . . . . : 2.114.560 bytes
      Age  . . . . . . . : 4.8 days (2014-11-06 18:30:29)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9A92493668D313771DB011C6FD2BF7B894B97281BC5E3C3DEE5C104372A33DCA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
          0.0s C:\Users\Hendrik\Downloads\FRST64.exe
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{72C03BE5-A5FC-445A-821A-B38ECCCCE00C}
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         18.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\76\2AB4A391E48B40F0.dat
         25.5s C:\FRST\
         25.5s C:\FRST\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Logs\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Quarantine\
         25.5s C:\FRST\Hives\
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.INF
         28.9s C:\FRST\Hives\ERDNT.CON
         28.9s C:\FRST\Hives\BCD
         28.9s C:\FRST\Hives\BCD
         28.9s C:\FRST\Hives\BCD
         28.9s C:\FRST\Hives\BCD
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         28.9s C:\FRST\Hives\software
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         36.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{26CD843E-7839-48D4-9584-C904EBDB71B8}
         39.7s C:\FRST\Hives\system
         39.7s C:\FRST\Hives\system
         39.7s C:\FRST\Hives\system
         39.7s C:\FRST\Hives\system
         43.1s C:\FRST\Hives\default
         43.1s C:\FRST\Hives\default
         43.1s C:\FRST\Hives\default
         43.1s C:\FRST\Hives\default
         43.1s C:\FRST\Hives\default
         43.1s C:\FRST\Hives\default
         44.2s C:\FRST\Hives\security
         44.2s C:\FRST\Hives\sam
         44.2s C:\FRST\Hives\sam
         44.2s C:\FRST\Hives\sam
         44.2s C:\FRST\Hives\sam
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\
         44.3s C:\FRST\Hives\Users\00000001\
         44.3s C:\FRST\Hives\Users\00000001\
         44.3s C:\FRST\Hives\Users\00000001\
         44.3s C:\FRST\Hives\Users\00000001\
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         44.3s C:\FRST\Hives\Users\00000001\ntuser.dat
         45.0s C:\FRST\Hives\Users\00000002\
         45.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         45.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         45.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         45.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         45.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         45.0s C:\FRST\Hives\Users\00000002\UsrClass.dat
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.4s C:\FRST\Hives\ERDNT.EXE
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTWIN.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.7s C:\FRST\Hives\ERDNTDOS.LOC
         45.8s C:\Users\Hendrik\Downloads\FRST.txt


Potential Unwanted Programs _________________________________________________

   C:\ProgramData\EmailNotifier\ (MyStart)
   C:\ProgramData\EmailNotifier\AOL.lnk (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\ (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\ (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\config.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\confignologin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\configpin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\splash_icon.gif (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\splash_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\tb_icon.ico (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\0\tb_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\ (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\config.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\confignologin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\configpin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\splash_icon.gif (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\splash_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\tb_icon.ico (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\1\tb_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\ (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\config.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\confignologin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\configpin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\splash_icon.gif (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\splash_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\tb_icon.ico (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\2\tb_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\ (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\config.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\confignologin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\configpin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\splash_icon.gif (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\splash_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\tb_icon.ico (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\7\tb_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\ (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\config.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\confignologin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\configpin.xml (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\splash_icon.gif (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\splash_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\tb_icon.ico (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\8\tb_icon.png (MyStart)
   C:\ProgramData\EmailNotifier\dtuser\dtUser.exe (MyStart)
      Size . . . . . . . : 338.016 bytes
      Age  . . . . . . . : 358.9 days (2013-11-17 16:07:24)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 4C4A4215BD2BE8FD6DC4988EB103CFEFE49FA1860DF441128C78FEC388F77B68
      Publisher  . . . . : Visicom Media Inc.
      Description  . . . : DtUser(Email)
      Version  . . . . . : 1.0.0.109
      Copyright  . . . . : © 2010-2013 Visicom Media Inc.
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 20.0
      References
         C:\ProgramData\EmailNotifier\AOL.lnk
         C:\ProgramData\EmailNotifier\Gmail.lnk
         C:\ProgramData\EmailNotifier\Hotmail.lnk
         C:\ProgramData\EmailNotifier\RRTimeWarner.lnk
         C:\ProgramData\EmailNotifier\Yahoo.lnk

   C:\ProgramData\EmailNotifier\EmailNotifier.exe (MyStart)
      Size . . . . . . . : 1.240.672 bytes
      Age  . . . . . . . : 358.9 days (2013-11-17 16:07:20)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 57A1A4AB0793689F587816A30F1E51A97C4BF0230998985854933C4349DF102F
      Product  . . . . . : Email Notifier (TimeWarner Edition)
      Publisher
      Description  . . . : Email Notifier User Interface
      Version  . . . . . : 1.0.1.22
      RSA Key Size . . . : 2048
      LanguageID . . . . : 4105
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -4.0

   C:\ProgramData\EmailNotifier\EmailNotifier.xml (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierAPI.dll (MyStart)
      Size . . . . . . . : 858.584 bytes
      Age  . . . . . . . : 358.9 days (2013-11-17 16:07:20)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : F41783CDE97511F0DE13485FCCCB8B75A6C2EA9053ECF96D84A28EDD911E42A2
      Product  . . . . . : Email Notifier
      Publisher
      Description  . . . : Email Notifier API
      Version  . . . . . : 1.0.0.58
      RSA Key Size . . . : 2048
      LanguageID . . . . : 4105
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -4.0

   C:\ProgramData\EmailNotifier\EmailNotifierEN.lng (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierFR.lng (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierHI.lng (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierPOL.lng (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierRO.lng (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierRU.lng (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierTHAI.lng (MyStart)
   C:\ProgramData\EmailNotifier\EmailNotifierTUR.lng (MyStart)
   C:\ProgramData\EmailNotifier\Gmail.lnk (MyStart)
   C:\ProgramData\EmailNotifier\Hotmail.lnk (MyStart)
   C:\ProgramData\EmailNotifier\RRTimeWarner.lnk (MyStart)
   C:\ProgramData\EmailNotifier\Yahoo.lnk (MyStart)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}\ (MyStart)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}\ (MyStart)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASAPI32\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASMANCS\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)

deeprybka 11.11.2014 16:54
:daumenhoc

Anchovi 11.11.2014 18:38
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0767c4726381b144832d7f0389457c9a
# engine=21038
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-11 05:34:09
# local_time=2014-11-11 06:34:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5378788 38707642 0 0
# scanned=455591
# found=16
# cleaned=0
# scan_time=13477
sh=6DB3990112C0F858B0E7C606166CB69B97A550AB ft=1 fh=474d3ef3e9ceed58 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mystarttb\dtuser.exe.vir"
sh=356CA08ADDEC8B345F2854C3082C3F952658CA8E ft=1 fh=af6067b861516f68 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mystarttb\mystarttb.dll.vir"
sh=06DCCB89C6121AFA797A02DA65FA95A1E4381429 ft=1 fh=74e150ef83d24130 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir"
sh=EE9DCE7BBF010B312AFFA06B992E3CF8761B69A9 ft=1 fh=1029c1ef39627f0d vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup163_v1.63.exe.vir"
sh=54CA39AE404E7F38EB94E03E503E83AE2048381A ft=1 fh=8edf142583d24130 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\uninst.exe.vir"
sh=31CE21FE36C11E107A6E315EFE1875743809B4CC ft=1 fh=48abcfa6ce4a4014 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hendrik\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=6DB3990112C0F858B0E7C606166CB69B97A550AB ft=1 fh=474d3ef3e9ceed58 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\njlvxj07.default\Extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\dtuser.exe.vir"
sh=24EACADAF8910146B00A3B6146FAD19E11BFF03B ft=1 fh=5e1dc8d93e2d8e01 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe"
sh=34D77A23AA7C7648948E4BFAB31F33F517A785DC ft=1 fh=11cdaad78b073df2 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=278EE35195AE43C347F49D0CA496433998E23DD4 ft=1 fh=212c5df74415422e vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\EmailNotifier\dtuser\dtUser.exe"
sh=F726A0A47B2E762D52866C371E72CB73BF22E7B1 ft=1 fh=0ab92e385352f7f8 vn="Win32/TrojanDownloader.Wauchos.AK Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\mslojpbc.exe.vir"
sh=278EE35195AE43C347F49D0CA496433998E23DD4 ft=1 fh=212c5df74415422e vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\EmailNotifier\dtuser\dtUser.exe"
sh=9B6954E1E6B36E385F81FCBC7ED3A5AB88E1865B ft=1 fh=48d725e0853640bd vn="Variante von Win32/Kryptik.CPUR Trojaner" ac=I fn="C:\Windows\Installer\{64C21AC0-8CE4-49AF-8376-1A7A72D1819D}\api-ms-win-system-wmdrmnet-l1-1-0.dll"
sh=692B8806576717A2FD740368C21F2CBFA47A034D ft=1 fh=2914790e3b2a93d5 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dokumente\Schule\Schuljahr 2013_14\Q1 SW\EZB-Material\EZB\PPP & Video-Dateien\FLVPlayer30Upgrade.exe"
sh=692B8806576717A2FD740368C21F2CBFA47A034D ft=1 fh=2914790e3b2a93d5 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dokumente\Schule\Sowi_Politik\Themen 1\Wirtschaft\Wirtschaftspolitik\EZB\PPP & Video-Dateien\FLVPlayer30Upgrade.exe"

deeprybka 11.11.2014 19:05
Bitte lasse die Datei aus der Code-Box bei
http://deeprybka.trojaner-board.de/b...virustotal.png überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    C:\Windows\Installer\{64C21AC0-8CE4-49AF-8376-1A7A72D1819D}\api-ms-win-system-wmdrmnet-l1-1-0.dll
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Anchovi 11.11.2014 19:52
Farbar Service Scanner Version: 21-07-2014
Ran by Hendrik (administrator) on 11-11-2014 at 19:38:38
Running from "C:\Users\Hendrik\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Hendrik (administrator) on HENDRIK-PC on 11-11-2014 19:40:54
Running from C:\Users\Hendrik\Desktop
Loaded Profile: Hendrik (Available profiles: Hendrik & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Join Air\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Join Air\UIExec.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Farbar) C:\Users\Hendrik\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\0j0h3k4m.default-1413030961018
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Hendrik\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Webmail Ad Blocker - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\0j0h3k4m.default-1413030961018\Extensions\gmailnoads@mywebber.com.xpi [2014-10-11]
FF Extension: Adblock Plus - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\0j0h3k4m.default-1413030961018\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-11]

Chrome:
=======
CHR HomePage: Default -> chrome://newtab
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Users\Hendrik\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in) - C:\Users\Hendrik\AppData\Roaming\TorrentStream\player\npts.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Profile: C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16]
CHR Extension: (Google Drive) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16]
CHR Extension: (Google-Suche) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Google Mail) - C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [241664 2009-08-31] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-10] (Emsisoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-12-08] (Windows (R) Win 7 DDK provider)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:40 - 2014-11-11 19:41 - 00024071 _____ () C:\Users\Hendrik\Desktop\FRST.txt
2014-11-11 19:38 - 2014-11-11 19:38 - 00002761 _____ () C:\Users\Hendrik\Desktop\FSS.txt
2014-11-11 15:02 - 2014-11-11 15:02 - 00415232 _____ (Farbar) C:\Users\Hendrik\Desktop\FSS.exe
2014-11-11 14:45 - 2014-11-11 14:46 - 02347384 _____ (ESET) C:\Users\Hendrik\Desktop\esetsmartinstaller_deu.exe
2014-11-11 14:43 - 2014-11-11 14:43 - 00078850 _____ () C:\Users\Hendrik\Desktop\HitmanPro_20141111_1443.log
2014-11-11 14:22 - 2014-11-11 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-11 14:00 - 2014-11-11 14:00 - 11222744 _____ (SurfRight B.V.) C:\Users\Hendrik\Desktop\HitmanPro_x64.exe
2014-11-11 13:55 - 2014-11-11 15:01 - 00000000 ____D () C:\Users\Hendrik\Desktop\FRST
2014-11-11 12:40 - 2014-11-11 12:40 - 00000000 ____D () C:\Users\Hendrik\Downloads\pictures (28)
2014-11-11 12:11 - 2014-11-11 14:21 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381916617
2014-11-11 12:06 - 2014-11-11 12:06 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-11 12:06 - 2014-11-11 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-11 12:06 - 2014-11-11 12:06 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-11 11:54 - 2014-11-11 12:11 - 00001431 _____ () C:\Windows\SecuniaPackage.log
2014-11-11 11:36 - 2014-11-11 11:37 - 71648048 _____ (Apple Inc.) C:\Users\Hendrik\Downloads\iCloudSetup.exe
2014-11-11 11:31 - 2014-11-11 11:31 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-11-11 11:02 - 2014-11-11 13:55 - 00000000 ____D () C:\Users\Hendrik\Desktop\Neuer Ordner
2014-11-11 10:15 - 2014-11-11 10:15 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Secunia PSI
2014-11-11 10:15 - 2014-11-11 10:15 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-11-10 23:15 - 2014-11-10 23:17 - 00000000 ____D () C:\EEK
2014-11-10 21:58 - 2014-11-10 22:19 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2014-11-10 21:58 - 2014-11-10 21:59 - 00007370 _____ () C:\Users\Hendrik\Downloads\ESETRovnixCleaner.exe_20141110.215848.8388.log
2014-11-10 21:58 - 2014-11-10 21:58 - 00064500 _____ () C:\Users\Hendrik\Downloads\ESETRovnixCleaner.exe_20141110.215848.8388.zip
2014-11-10 21:33 - 2014-11-10 21:35 - 02116096 _____ (Farbar) C:\Users\Hendrik\Desktop\FRST64(1).exe
2014-11-10 20:13 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-10 20:13 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-10 20:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-10 20:13 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-10 20:12 - 2014-11-10 21:29 - 00000000 ____D () C:\ComboFix
2014-11-10 20:10 - 2014-11-10 20:12 - 00000000 ____D () C:\Qoobox
2014-11-10 20:06 - 2014-11-10 21:18 - 00000000 ____D () C:\Windows\erdnt
2014-11-10 19:47 - 2014-11-10 19:47 - 00000000 ____D () C:\OETemp
2014-11-10 19:41 - 2014-11-10 19:41 - 05598341 _____ (Swearware) C:\Users\Hendrik\Downloads\ComboFix(1).exe
2014-11-10 19:40 - 2014-11-10 19:41 - 05598341 _____ (Swearware) C:\Users\Hendrik\Downloads\ComboFix.exe
2014-11-10 18:58 - 2014-11-10 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 11:21 - 2014-11-08 11:21 - 00000000 ____D () C:\Users\Hendrik\Downloads\pictures (15)
2014-11-08 10:45 - 2014-11-08 10:50 - 710442486 _____ () C:\Users\Hendrik\Documents\clip0919.avi
2014-11-07 16:38 - 2014-11-10 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-11-06 21:29 - 2014-11-06 21:43 - 00000000 ____D () C:\Users\Hendrik\Downloads\pictures (78)
2014-11-06 19:00 - 2014-11-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-06 18:59 - 2014-11-06 18:59 - 04583464 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hendrik\Downloads\avira_de_av___ws.exe
2014-11-06 18:34 - 2014-11-06 18:36 - 00041719 _____ () C:\Users\Hendrik\Downloads\Addition.txt
2014-11-06 18:31 - 2014-11-10 21:47 - 00063412 _____ () C:\Users\Hendrik\Downloads\FRST.txt
2014-11-06 18:30 - 2014-11-11 19:41 - 00000000 ____D () C:\FRST
2014-11-06 18:30 - 2014-11-06 18:30 - 02114560 _____ (Farbar) C:\Users\Hendrik\Downloads\FRST64.exe
2014-11-06 18:28 - 2014-11-06 18:29 - 00000476 _____ () C:\Users\Hendrik\Downloads\defogger_disable.log
2014-11-06 18:28 - 2014-11-06 18:28 - 00000000 _____ () C:\Users\Hendrik\defogger_reenable
2014-11-06 18:27 - 2014-11-06 18:27 - 00050477 _____ () C:\Users\Hendrik\Downloads\Defogger.exe
2014-11-06 16:25 - 2014-11-06 18:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 16:19 - 2014-11-06 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-06 16:18 - 2014-11-06 16:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 16:18 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 16:18 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 16:18 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-06 16:16 - 2014-11-06 16:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hendrik\Downloads\mbam-setup-2.0.3.1025(2).exe
2014-11-06 16:00 - 2014-11-06 16:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hendrik\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-11-06 15:43 - 2014-11-06 15:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Hendrik\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-06 12:02 - 2014-11-06 12:06 - 121435896 _____ (Microsoft Corporation) C:\Users\Hendrik\Downloads\msert(2).exe
2014-11-05 17:18 - 2014-11-05 17:18 - 01125200 _____ () C:\Users\Hendrik\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-05 16:42 - 2014-11-05 16:42 - 00896504 _____ (Microsoft Corporation) C:\Users\Hendrik\Downloads\mssstool64.exe
2014-11-04 17:44 - 2014-11-06 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-11-04 17:44 - 2014-11-06 15:30 - 00000000 ____D () C:\Program Files\Wondershare
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Wondershare
2014-11-04 17:44 - 2014-11-04 17:44 - 00000000 ____D () C:\ProgramData\Wondershare
2014-11-04 17:43 - 2014-11-04 17:43 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-11-04 17:16 - 2014-11-04 17:16 - 00000000 ____D () C:\Users\Hendrik\Desktop\Media
2014-11-04 17:07 - 2014-11-05 16:09 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2014-11-04 10:42 - 2014-11-04 10:47 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\WindSolutions
2014-11-04 10:42 - 2014-11-04 10:46 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-11-04 00:08 - 2014-11-04 00:08 - 00000000 ____D () C:\Users\Hendrik\.android
2014-11-03 23:53 - 2014-11-04 00:05 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-03 19:47 - 2014-11-03 19:47 - 09035819 _____ () C:\Users\Hendrik\Downloads\Video de maestra -Lucita Sandoval- teniendo sexo con su alumno.FLV
2014-11-03 19:46 - 2014-11-03 19:46 - 20630713 _____ () C:\Users\Hendrik\Downloads\Video de maestra -Lucita Sandoval- teniendo sexo con su alumno_3.FLV
2014-11-03 19:46 - 2014-11-03 19:46 - 20373249 _____ () C:\Users\Hendrik\Downloads\Video de maestra -Lucita Sandoval- teniendo sexo con su alumno_2.FLV
2014-11-02 00:42 - 2014-11-02 00:43 - 107254738 _____ () C:\Users\Hendrik\Documents\clip0918.avi
2014-11-01 12:32 - 2014-11-01 12:32 - 04078544 _____ (iMobie Inc. ) C:\Users\Hendrik\Downloads\phonerescue-setup.exe
2014-10-30 22:34 - 2014-10-30 22:36 - 00000000 ____D () C:\Users\Hendrik\Downloads\pictures (21)
2014-10-29 15:01 - 2014-10-29 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-29 14:06 - 2014-10-29 14:06 - 00002192 _____ () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-10-29 14:05 - 2014-10-29 14:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-27 17:43 - 2014-10-27 17:43 - 00002170 _____ () C:\Users\Hendrik\.recently-used.xbel
2014-10-27 00:15 - 2014-10-27 00:16 - 118253116 _____ () C:\Users\Hendrik\Documents\clip0917.avi
2014-10-26 23:50 - 2014-10-26 23:52 - 195895978 _____ () C:\Users\Hendrik\Documents\clip0916.avi
2014-10-25 23:09 - 2014-10-25 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-24 23:21 - 2014-10-24 23:21 - 25336014 _____ () C:\Users\Hendrik\Documents\clip0915.avi
2014-10-24 23:13 - 2014-10-24 23:13 - 06658282 _____ () C:\Users\Hendrik\Documents\clip0914.avi
2014-10-21 15:36 - 2014-10-21 15:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-21 15:36 - 2014-10-21 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-21 15:35 - 2014-10-21 15:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-21 15:35 - 2014-10-21 15:36 - 00000000 ____D () C:\Program Files\iTunes
2014-10-21 15:35 - 2014-10-21 15:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-21 15:35 - 2014-10-21 15:35 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 13:47 - 2014-10-21 13:47 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\pdfforge
2014-10-20 11:42 - 2014-10-20 11:42 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Oracle
2014-10-20 11:24 - 2014-10-20 11:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 11:23 - 2014-10-20 11:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 11:23 - 2014-10-20 11:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 11:23 - 2014-10-20 11:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 11:23 - 2014-10-20 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 00:40 - 2014-10-20 01:10 - 2638644386 _____ () C:\Users\Hendrik\Documents\clip0913.avi
2014-10-19 18:19 - 2014-10-19 18:19 - 00613203 _____ () C:\Users\Hendrik\Downloads\Plain Cloud_1.0(1).zip
2014-10-19 17:50 - 2014-10-19 17:50 - 00613203 _____ () C:\Users\Hendrik\Downloads\Plain Cloud_1.0.zip
2014-10-19 17:18 - 2014-10-19 17:18 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Python
2014-10-19 17:18 - 2014-10-19 17:18 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\ActiveState
2014-10-19 17:10 - 2014-10-19 18:05 - 00000000 ____D () C:\Users\Hendrik\Downloads\Whatsapp_Xtract_V2.2_2012-11-17
2014-10-19 15:38 - 2014-11-11 12:00 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Apple Inc
2014-10-15 21:36 - 2014-10-15 21:36 - 00144627 _____ () C:\Users\Hendrik\Downloads\NB SB.aac
2014-10-15 10:55 - 2014-10-15 10:55 - 00000000 ____H () C:\Users\Hendrik\Desktop\~WRL0254.tmp
2014-10-15 10:53 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 10:53 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 10:53 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 10:53 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 10:53 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 10:53 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 10:53 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 10:52 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 10:52 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 10:52 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 10:52 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 10:52 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 10:52 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 10:52 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 10:52 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 10:52 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 10:52 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 10:52 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 10:52 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 10:52 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 10:52 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 10:52 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 10:52 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 10:52 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 10:52 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 10:52 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 10:52 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 10:52 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 10:52 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 10:52 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 10:52 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 10:52 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 10:52 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 10:52 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 10:52 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 10:52 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 10:52 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 10:52 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 10:52 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 10:52 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 10:52 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 10:51 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 10:51 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 10:50 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 10:50 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 10:50 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 10:50 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 10:50 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 10:50 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 10:50 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 10:50 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 10:50 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 10:50 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 10:50 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 10:50 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 10:50 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 10:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 10:50 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 10:50 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 10:50 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 10:50 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 10:50 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 10:50 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 10:50 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 10:50 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 10:50 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 10:50 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 10:50 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 10:50 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 10:50 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 10:50 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 10:50 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 10:50 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 10:50 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 10:50 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 10:50 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 10:50 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 10:50 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 10:50 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 10:50 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 10:50 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 10:50 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 10:50 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 10:50 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 10:50 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 10:50 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 10:50 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 10:50 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 10:50 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 10:50 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 10:50 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 10:50 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 10:50 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 10:50 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 10:50 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 10:50 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 10:50 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 10:50 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 10:50 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 10:50 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 10:49 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 10:49 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 10:48 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 10:48 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 10:48 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 10:48 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 10:48 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 10:48 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 10:48 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 10:48 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 10:48 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 10:48 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 10:46 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 10:46 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 10:46 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 10:46 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:35 - 2009-07-14 05:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:35 - 2009-07-14 05:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:34 - 2013-12-08 21:30 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-11-11 19:34 - 2012-02-20 09:59 - 00000000 ___HD () C:\ASUS.DAT
2014-11-11 19:33 - 2012-04-12 17:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 19:32 - 2011-11-18 22:11 - 01147301 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 19:32 - 2011-02-19 10:08 - 00745910 _____ () C:\Windows\system32\perfh007.dat
2014-11-11 19:32 - 2011-02-19 10:08 - 00162816 _____ () C:\Windows\system32\perfc007.dat
2014-11-11 19:32 - 2009-07-14 06:13 - 01732678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 19:27 - 2014-02-15 20:18 - 00300926 _____ () C:\Windows\PFRO.log
2014-11-11 19:27 - 2014-01-03 20:01 - 00041051 _____ () C:\Windows\setupact.log
2014-11-11 19:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 18:09 - 2013-10-16 10:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 17:50 - 2012-04-12 17:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 14:21 - 2013-10-16 10:43 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-11 14:14 - 2011-11-18 22:28 - 00001899 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-11 12:00 - 2012-02-20 09:58 - 00000000 ____D () C:\Users\Hendrik
2014-11-11 11:55 - 2013-10-16 10:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 11:55 - 2013-10-16 10:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 11:55 - 2013-10-16 10:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 11:42 - 2012-02-20 10:27 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Apple Computer
2014-11-11 10:57 - 2014-04-26 17:15 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\.Torrent Stream
2014-11-11 10:57 - 2014-04-26 17:14 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\TorrentStream
2014-11-10 21:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-10 20:44 - 2011-11-18 22:28 - 00000000 ____D () C:\ProgramData\Temp
2014-11-10 19:51 - 2012-05-02 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 19:49 - 2013-01-12 14:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-10 19:21 - 2013-01-28 17:23 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{40B698CB-62BD-4EE1-A271-0656D24B8F85}
2014-11-06 21:56 - 2013-10-19 22:00 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\vlc
2014-11-06 15:38 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-06 15:31 - 2014-08-15 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2014-11-06 15:31 - 2014-08-15 16:39 - 00000000 ____D () C:\Program Files (x86)\iMobie
2014-11-04 17:58 - 2014-01-28 14:11 - 00000000 ____D () C:\Users\Hendrik\Desktop\sortieren
2014-11-04 17:07 - 2012-02-20 10:15 - 00000000 ____D () C:\Users\Hendrik\Desktop\Programme
2014-11-04 10:10 - 2013-03-18 12:04 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\uTorrent
2014-11-03 14:08 - 2012-02-20 09:59 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-11-02 11:26 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-01 12:33 - 2014-08-15 16:39 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\iMobie
2014-11-01 12:33 - 2014-08-15 16:39 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\iMobie_Inc
2014-10-30 12:25 - 2012-04-27 08:56 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 18:46 - 2014-10-06 11:03 - 00000000 ____D () C:\Users\Hendrik\Desktop\Bewerbungen Verena
2014-10-29 15:13 - 2012-02-20 11:41 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Skype
2014-10-29 15:02 - 2012-02-20 11:41 - 00000000 ____D () C:\ProgramData\Skype
2014-10-29 15:01 - 2014-08-11 20:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-29 13:48 - 2014-08-20 17:26 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Adobe
2014-10-27 17:46 - 2012-04-12 15:48 - 00000000 ____D () C:\Users\Hendrik\.gimp-2.6
2014-10-25 23:11 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-25 23:09 - 2012-03-14 13:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-24 11:45 - 2012-04-12 17:11 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 11:45 - 2012-04-12 17:11 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 11:07 - 2014-06-10 18:44 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\7-PDFSplitMerge
2014-10-22 08:02 - 2012-11-20 10:20 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-22 07:59 - 2013-11-20 16:47 - 00000000 ____D () C:\ProgramData\MAGIX
2014-10-21 19:03 - 2012-02-20 10:27 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Apple Computer
2014-10-21 15:35 - 2014-09-10 23:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-20 11:24 - 2013-10-19 11:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 11:23 - 2012-02-22 16:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 10:54 - 2009-07-14 05:45 - 00518968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 17:25 - 2012-02-20 09:59 - 00160264 _____ () C:\Users\Hendrik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 15:56 - 2013-12-17 15:19 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\C24C21DE-B653-4E21-81BE-22AF552FB2ED.aplzod
2014-10-19 15:53 - 2012-03-17 13:25 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Microsoft Help
2014-10-17 17:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 00:16 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-15 22:29 - 2013-01-09 22:52 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-10-15 22:29 - 2012-02-22 13:47 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\DVDVideoSoft
2014-10-15 22:27 - 2012-02-22 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-15 17:33 - 2014-05-06 23:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 17:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 17:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 17:01 - 2012-03-17 13:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 16:47 - 2013-08-19 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:38 - 2012-10-20 09:57 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Windows Live
2014-10-15 16:19 - 2012-02-21 18:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 14:23

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Hendrik at 2014-11-11 19:43:20
Running from C:\Users\Hendrik\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-PDF Split & Merge Version 2.1.0 (Build 128) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.1.0 (Build 128) - 7-PDF, Germany - Thorsten Hodes)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{BC8AC77D-6A6F-491F-BEED-2958F09C6CAE}) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo StartUp Tuner 2.00 (HKLM-x32\...\Ashampoo StartUp Tuner 2_is1) (Version: 2.0.0 - ashampoo GmbH & Co. KG)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.14 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0007 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Audiodope 0.24 (HKLM-x32\...\Audiodope_is1) (Version:  - Audiodope Team)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Cinergy T USB XE V6.11.23.01 (HKLM-x32\...\Cinergy T USB XE) (Version: 6.11.23.01 - )
Cinergy T-Stick V8.08.18.01 (HKLM-x32\...\Cinergy T-Stick) (Version: 8.08.18.01 - )
ClipGrab 3.4.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
Diercke Globus Online (HKLM-x32\...\Diercke Globus Online) (Version: 3.1.0 - Imagon GmbH)
Dropbox (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Dropbox) (Version: 2.10.29 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Filedrop version 1.1.4 (HKLM-x32\...\{3A309583-1B4A-4C90-85EA-124EB8DB331A}_is1) (Version: 1.1.4 - Filedrop)
Folienviewer2 (HKLM-x32\...\Folienviewer2) (Version: 1.01 - Imagon GmbH)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to iPod Converter version 3.10.37.1212 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.10.37.1212 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iExplorer 2.2.1.3 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant, LLC)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManyCam 3.0.80 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.80 - ManyCam LLC)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version:  - )
Notebook Interactive Viewer (HKLM-x32\...\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}) (Version: 9.5.126.5 - SMART Technologies Inc.)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)
PC-WELT-TuneUpSuite 1.0 (HKLM-x32\...\{36B01464-5050-4492-BAA3-46E62551EEAB}_is1) (Version:  - IDG Magazine Media GmbH)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Politik transparent (HKLM-x32\...\{B8591E60-8A0E-43F9-A82D-7EAE368A8BBC}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6373 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.8 - ASUS)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.0.1 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-1724138799-3868663929-1243099489-1000\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24482 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hendrik\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1724138799-3868663929-1243099489-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-10 21:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DCC669E-305D-4490-A22A-DACF8ACDA332} - System32\Tasks\{2538AA23-41A8-46F9-A9B8-1600A487A194} => E:\Launch.exe
Task: {43C8FC67-FE7A-400D-B176-A7BA5670AAC8} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
Task: {4B1D4A33-E673-4903-9028-073F28635356} - System32\Tasks\Opera scheduled Autoupdate 1381916617 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {4BD9B6A0-BF11-446B-8759-2ED56E4BF34D} - System32\Tasks\{86C211C5-1FA9-4FB3-AC24-7E9E7FB67409} => E:\Install.exe
Task: {4FEAFF65-7EAC-4AB6-B595-81CE32212A34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {5BCFBD93-1AF7-436D-A7B4-93DA8DB9ACE8} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-06-01] (ASUS)
Task: {74A6AE27-5B37-403C-90E2-F82BD52EFD7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {823355DA-B080-4C2E-8E9F-D7DF9F5AE4EF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {845121B3-024E-43FD-9DDA-813E16664F90} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {88A197AC-BAAA-491A-BB7B-74B5901A114B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {A117D9B8-4DD6-41F5-8DF6-9B965A73444A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {B55C227F-8780-44C4-A6F6-D10F1B3D2A77} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-01-24] ()
Task: {C1376A8C-6329-4AB1-A91F-09D10534B1E5} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C5263A43-5637-4F45-A703-1D997E5E657A} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {C86F9397-3A3B-42CA-8E8D-09C4EC4F269B} - System32\Tasks\{5E595A7B-3F2A-4C14-AE3D-C733F9915D0E} => E:\Launch.exe
Task: {DDEE7187-E174-496B-9B6A-6A10147BE6C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-11 15:29 - 2009-08-31 10:43 - 00241664 _____ () C:\Program Files (x86)\Join Air\AssistantServices.exe
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-01-24 19:55 - 2011-01-24 19:55 - 00541696 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-09-06 04:29 - 2011-05-24 01:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-11 15:29 - 2009-08-31 10:43 - 00132608 _____ () C:\PROGRAM FILES (X86)\JOIN AIR\UIEXEC.EXE
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 15:33 - 2011-08-31 15:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2011-05-30 22:48 - 2011-05-30 22:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-06-10 19:49 - 2011-06-10 19:49 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-03-11 15:29 - 2009-08-31 10:43 - 00132608 _____ () C:\Program Files (x86)\Join Air\UIExec.exe
2014-11-10 18:59 - 2014-11-10 19:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Hendrik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\Join Air\UIExec.exe"
MSCONFIG\startupreg: Wisdom-soft AutoScreenRecorder 3.1 Free => 0

========================= Accounts: ==========================

Administrator (S-1-5-21-1724138799-3868663929-1243099489-500 - Administrator - Disabled)
Gast (S-1-5-21-1724138799-3868663929-1243099489-501 - Limited - Disabled)
Hendrik (S-1-5-21-1724138799-3868663929-1243099489-1000 - Administrator - Enabled) => C:\Users\Hendrik
HomeGroupUser$ (S-1-5-21-1724138799-3868663929-1243099489-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 03:53:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/11/2014 02:46:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/11/2014 02:46:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/11/2014 02:46:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/11/2014 00:04:47 PM) (Source: MsiInstaller) (EventID: 1002) (User: Hendrik-PC)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (11/11/2014 00:04:15 PM) (Source: MsiInstaller) (EventID: 1002) (User: Hendrik-PC)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (11/11/2014 00:03:34 PM) (Source: MsiInstaller) (EventID: 1002) (User: Hendrik-PC)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (11/11/2014 11:44:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ApplePhotoStreams.exe, Version: 7.15.7.3, Zeitstempel: 0x53d97094
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x910
Startzeit der fehlerhaften Anwendung: 0xApplePhotoStreams.exe0
Pfad der fehlerhaften Anwendung: ApplePhotoStreams.exe1
Pfad des fehlerhaften Moduls: ApplePhotoStreams.exe2
Berichtskennung: ApplePhotoStreams.exe3

Error: (11/11/2014 10:34:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.9016, Zeitstempel: 0x52a1d50f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000332b0
ID des fehlerhaften Prozesses: 0x15a8
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (11/10/2014 09:49:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x1dd8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3


System errors:
=============
Error: (11/11/2014 07:28:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058

Error: (11/11/2014 07:28:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/11/2014 04:06:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/11/2014 02:23:27 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (11/11/2014 02:19:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (11/11/2014 02:14:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058

Error: (11/11/2014 02:13:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/11/2014 02:11:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (11/11/2014 02:11:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (11/11/2014 02:11:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll


Microsoft Office Sessions:
=========================
Error: (08/26/2014 04:52:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1784 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (04/06/2014 05:25:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2014 07:27:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/16/2013 04:00:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1650 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/25/2012 03:45:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 904 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-11-10 20:52:24.253
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-10 20:52:24.211
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-26 10:55:36.047
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-26 10:55:35.965
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 45%
Total physical RAM: 4008.17 MB
Available physical RAM: 2197.08 MB
Total Pagefile: 8014.52 MB
Available Pagefile: 6156.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:14.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:22.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 496B9619)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:28 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131