Windows 7: CPU constantly at 100% (svchost.exe?)
Hello everyone,
I have the problem that for about 2 weeks my CPU has been running at 100% continuously when using Firefox, and very noticeably when playing YouTube videos.
Now and then, ending the most CPU-heavy svchost.exe process helps as a stopgap when nothing works at all anymore. But of course that brings problems of its own.
I would be very glad of your help.
Thanks in advance.
Best regards,
smacko
defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:51 on 30/05/2015 (mack)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by mack (administrator) on MACKTRON on 30-05-2015 19:58:40
Running from C:\Users\mack\Downloads
Loaded Profiles: mack (Available Profiles: mack)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Akamai Technologies, Inc.) C:\Users\mack\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\mack\AppData\Local\Akamai\netsession_win.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
() C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseDrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
() C:\Program Files (x86)\3DataManager\WTGService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ipmgui.exe
(Sysinternals - www.sysinternals.com) C:\Users\mack\Downloads\ProcessExplorer_16.5\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\mack\AppData\Local\Temp\procexp64.exe
(Trend Micro Inc.) C:\Users\mack\Downloads\HijackThis(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-17] ()
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [WireLessMouse] => C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe MouseDrv.exe
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\Run: [Akamai NetSession Interface] => C:\Users\mack\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-04-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {8e832868-11af-11e0-acf0-001fcf408320} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {c8880572-fd18-11df-ad6f-20cf3033e58b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {d8947aa0-10d3-11e0-a920-001fcf408320} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {eb39ce17-b349-11e1-bfa4-001fcf408320} - H:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {eb39ce47-b349-11e1-bfa4-20cf3033e58b} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {eb39cea8-b349-11e1-bfa4-20cf3033e58b} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {f4cd0703-de88-11df-99bd-20cf3033e58b} - F:\AutoRun.exe
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\MountPoints2: {f4cd0706-de88-11df-99bd-20cf3033e58b} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-08-17]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-08-17]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3116657491-1295945133-2050658187-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3116657491-1295945133-2050658187-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3116657491-1295945133-2050658187-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-3116657491-1295945133-2050658187-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: No Name -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2011-12-28] ()
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
Toolbar: HKU\S-1-5-21-3116657491-1295945133-2050658187-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3116657491-1295945133-2050658187-1001 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-11-22] (Check Point Software Technologies)
Toolbar: HKU\S-1-5-21-3116657491-1295945133-2050658187-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-09-24] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-09-24] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-09-24] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-09-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [2012-11-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.90 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll [2010-08-13] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\searchplugins\google-images.xml [2014-11-28]
FF SearchPlugin: C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\searchplugins\google-maps.xml [2014-11-28]
FF SearchPlugin: C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\searchplugins\google-sterreich.xml [2013-12-07]
FF SearchPlugin: C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\searchplugins\wolframalpha.xml [2010-11-03]
FF Extension: Avira Browser Safety - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\abs@avira.com [2015-05-24]
FF Extension: Logitech Device Detection - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\DeviceDetection@logitech.com [2012-04-28]
FF Extension: Free Download Manager plugin - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-11-22]
FF Extension: FoxyProxy Standard - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\foxyproxy@eric.h.jung [2014-09-23]
FF Extension: TinEye Reverse Image Search - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\tineye@ideeinc.com [2011-03-30]
FF Extension: Personas Plus - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\personas@christopher.beard.xpi [2013-05-18]
FF Extension: Tab Auto Reload - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\TabAutoReload@schuzak.jp.xpi [2014-03-28]
FF Extension: Video DownloadHelper - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\mack\AppData\Roaming\Mozilla\Firefox\Profiles\98nq4sct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2015-05-17]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-05-26]
FF HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\mack\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\mack\AppData\Roaming\11001 [2012-03-18]
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\mack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamnjcfigiihfpfilaaiifgdgfogcg [2013-03-09]
CHR Extension: (Google Drive) - C:\Users\mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-30]
CHR Extension: (YouTube) - C:\Users\mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-30]
CHR Extension: (Google Search) - C:\Users\mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-30]
CHR Extension: (Gmail) - C:\Users\mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaamnjcfigiihfpfilaaiifgdgfogcg] - C:\Users\mack\AppData\Local\APN\GoogleCRXs\aaaamnjcfigiihfpfilaaiifgdgfogcg_7.17.2.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 backupsvc5; C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe [1404928 2015-04-29] () [File not signed]
R2 BlueSoleil Hid Service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe [166520 2007-12-27] ()
S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [231936 2009-02-17] () [File not signed]
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-08-13] (NOS Microsystems Ltd.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Start BT in service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [51816 2007-12-27] ()
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [312784 2009-10-12] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [37896 2007-06-24] (IVT Corporation.)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [37896 2007-06-24] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37384 2007-06-24] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37384 2007-06-24] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47368 2007-06-24] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [47368 2007-06-24] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [216576 2010-12-27] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [117248 2009-09-10] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbdev; C:\Windows\SysWOW64\DRIVERS\ewusbdev.sys [114560 2010-12-27] (Huawei Technologies Co., Ltd.) [File not signed]
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S3 jlink; C:\Windows\System32\DRIVERS\jlinkx64.sys [32376 2014-07-31] (SEGGER Microcontroller Systeme GmbH)
S3 JLinkCDC_x64; C:\Windows\System32\DRIVERS\JLinkCDC_x64.sys [263928 2015-03-26] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
S3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [23184 2007-03-05] (IVT Corporation.)
S3 VHidMinidrv; C:\Windows\SysWOW64\drivers\VHIDMini.sys [23184 2007-03-05] (IVT Corporation.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-30 19:58 - 2015-05-30 19:59 - 00032093 _____ () C:\Users\mack\Downloads\FRST.txt
2015-05-30 19:58 - 2015-05-30 19:58 - 02108928 _____ (Farbar) C:\Users\mack\Downloads\FRST64.exe
2015-05-30 19:58 - 2015-05-30 19:58 - 00000000 ____D () C:\FRST
2015-05-30 19:33 - 2015-05-30 19:33 - 00003128 _____ () C:\Windows\System32\Tasks\{AA605E1C-0221-47B8-86ED-F66D07642371}
2015-05-30 19:32 - 2015-05-30 19:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\mack\Downloads\HijackThis(1).exe
2015-05-30 19:29 - 2015-05-30 19:29 - 00015320 _____ () C:\Users\mack\Downloads\hijackthis.xml
2015-05-30 19:28 - 2015-05-30 19:28 - 00015519 _____ () C:\Users\mack\Downloads\hijackthis.txt
2015-05-30 19:18 - 2015-05-30 19:18 - 00003122 _____ () C:\Windows\System32\Tasks\{06D451D2-AFBF-4929-BAD0-E01B27682368}
2015-05-28 19:09 - 2015-05-28 19:09 - 00022693 _____ () C:\Users\mack\AppData\Local\recently-used.xbel
2015-05-27 20:01 - 2015-05-27 20:01 - 00000000 _____ () C:\Users\mack\AppData\Local\{4DA5B918-4694-4E02-B4AA-CCBEF9D0FB65}
2015-05-24 13:00 - 2015-04-16 15:23 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-24 13:00 - 2015-04-16 15:23 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-24 13:00 - 2015-04-16 15:23 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-24 13:00 - 2015-04-16 15:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-24 12:54 - 2015-05-24 13:00 - 00000000 ____D () C:\ProgramData\Avira
2015-05-24 12:54 - 2015-05-24 13:00 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-05-24 12:54 - 2015-05-24 12:54 - 00001213 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-23 20:16 - 2015-05-23 20:16 - 00047279 _____ () C:\Users\mack\Downloads\Hot_Fuzz_2007.x264-SEPTiC.en.zip
2015-05-23 20:11 - 2015-05-23 20:11 - 00046085 _____ () C:\Users\mack\Downloads\Hot_Fuzz_2007.DVDRip.eng-RETAIL.en.zip
2015-05-23 20:10 - 2015-05-23 20:11 - 00049410 _____ () C:\Users\mack\Downloads\Hot_Fuzz_2007.DVDRip.HI.en.zip
2015-05-23 19:48 - 2015-05-23 19:49 - 00045517 _____ () C:\Users\mack\Downloads\Hot_Fuzz_2007.aXXo.en.zip
2015-05-22 20:28 - 2015-05-22 20:38 - 00000000 ____D () C:\Users\mack\Downloads\XMC_Tutorial_Movinglight_(PWM,_DMX)
2015-05-22 20:26 - 2015-05-22 20:26 - 00010413 ____R () C:\Users\mack\Downloads\XMC_Tutorial_Movinglight_(PWM,_DMX).zip
2015-05-22 09:14 - 2015-05-22 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-17 11:53 - 2015-05-17 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 09:14 - 2015-05-14 11:03 - 00000000 ____D () C:\Users\mack\AppData\Roaming\FreeCAD
2015-05-14 09:14 - 2015-05-14 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.15
2015-05-14 09:11 - 2015-05-24 15:07 - 00000000 ____D () C:\Program Files (x86)\FreeCAD 0.15
2015-05-14 08:46 - 2015-05-15 07:53 - 00000000 ____D () C:\Users\mack\Documents\R@D@
2015-05-13 17:42 - 2015-05-15 14:30 - 00000000 ____D () C:\Users\mack\WBStool8
2015-05-13 17:42 - 2015-05-13 17:42 - 00000842 _____ () C:\Users\mack\Desktop\WBStool8.lnk
2015-05-13 17:24 - 2015-05-13 17:24 - 01005568 _____ (Microsoft Corporation) C:\Users\mack\Downloads\dotNetFx45_Full_setup.exe
2015-05-13 17:22 - 2015-05-13 17:24 - 00020950 _____ () C:\Users\mack\Downloads\Start.zip
2015-05-13 17:22 - 2015-05-13 17:24 - 00000000 ____D () C:\Users\mack\Downloads\Start
2015-05-13 07:00 - 2015-05-13 07:00 - 00000000 _____ () C:\Users\mack\AppData\Local\{BC2E3E8D-AA4D-457E-8C78-FB09BEEA2E2A}
2015-05-12 21:38 - 2015-05-12 21:38 - 00000000 ____D () C:\Users\mack\Documents\ASUS
2015-05-12 21:37 - 2015-05-12 21:37 - 00000000 ____D () C:\Users\mack\AppData\Local\ASUS
2015-05-12 21:37 - 2015-05-12 21:37 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-12 13:07 - 2015-05-12 13:07 - 00000000 ____D () C:\Users\mack\Downloads\Weatherstation_2013_FIXED
2015-05-12 13:06 - 2015-05-12 13:06 - 00015591 _____ () C:\Users\mack\Downloads\Weatherstation_2013_FIXED.zip
2015-05-11 20:49 - 2015-05-11 20:49 - 00036815 _____ () C:\Users\mack\Downloads\at.the.circus.(1939).eng.1cd.(3277437).zip
2015-05-02 10:24 - 2015-05-02 10:24 - 00000000 ____D () C:\Users\mack\Downloads\r2poster_final
2015-05-02 09:56 - 2015-05-02 10:16 - 39503040 _____ () C:\Users\mack\Downloads\r2poster_final.zip
2015-04-30 22:24 - 2015-04-30 22:57 - 00000000 ____D () C:\Users\mack\AppData\Roaming\MusicBee
2015-04-30 22:23 - 2015-04-30 22:23 - 00000000 ____D () C:\Users\mack\Downloads\MusicBeeSetup_2_4
2015-04-30 22:23 - 2015-04-30 22:23 - 00000000 ____D () C:\Users\mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2015-04-30 22:23 - 2015-04-30 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2015-04-30 22:23 - 2015-04-30 22:23 - 00000000 ____D () C:\Program Files (x86)\MusicBee
2015-04-30 21:49 - 2015-04-30 22:08 - 15481103 _____ () C:\Users\mack\Downloads\MusicBeeSetup_2_4.zip
2015-04-30 06:34 - 2015-04-30 06:34 - 00000000 ____D () C:\Backups
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-30 19:36 - 2015-04-10 15:18 - 00015323 _____ () C:\Users\mack\Downloads\hijackthis.log
2015-05-30 19:32 - 2011-01-06 00:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 19:11 - 2010-10-16 14:53 - 00000000 ____D () C:\Users\mack\AppData\Roaming\vlc
2015-05-30 19:06 - 2011-01-06 00:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 19:00 - 2012-11-15 01:30 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-29 07:42 - 2009-08-04 11:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 07:42 - 2009-08-04 11:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 07:42 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 19:14 - 2012-05-25 22:28 - 00000000 ____D () C:\Users\mack\.gimp-2.8
2015-05-28 17:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 17:57 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-28 17:47 - 2010-08-17 04:11 - 01314423 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 17:28 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 17:28 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 08:35 - 2015-03-14 14:54 - 00007175 _____ () C:\Windows\setupact.log
2015-05-27 20:52 - 2010-10-16 11:53 - 00000000 ___HD () C:\ASUS.DAT
2015-05-27 19:55 - 2012-04-28 18:30 - 00007604 _____ () C:\Users\mack\AppData\Local\resmon.resmoncfg
2015-05-27 16:52 - 2010-10-16 11:52 - 00000000 ____D () C:\Users\mack
2015-05-25 08:55 - 2010-08-17 04:49 - 00001476 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-25 08:54 - 2015-03-30 08:27 - 00447506 _____ () C:\Windows\PFRO.log
2015-05-24 13:04 - 2015-04-12 14:16 - 00000000 ____D () C:\Users\mack\AppData\Roaming\Avira
2015-05-24 13:02 - 2015-04-12 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-24 12:55 - 2015-04-12 14:02 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-24 12:54 - 2015-04-10 15:40 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\mack\Downloads\avira_de_av_5527d27f8a46b__ws.exe
2015-05-23 13:09 - 2010-11-11 09:23 - 00000000 ____D () C:\Users\mack\AppData\Local\PokerStars.EU
2015-05-22 19:13 - 2012-05-03 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-21 09:17 - 2013-05-25 22:01 - 00452096 ___SH () C:\Users\mack\Desktop\Thumbs.db
2015-05-18 16:51 - 2012-02-08 11:56 - 00000000 ____D () C:\Users\mack\AppData\Local\Eclipse
2015-05-18 16:11 - 2010-10-17 19:12 - 00000000 ____D () C:\Users\mack\AppData\Local\FreePDF_XP
2015-05-18 16:10 - 2010-10-17 19:12 - 00013020 _____ () C:\fpRedmon.log
2015-05-17 10:27 - 2011-01-06 00:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 10:27 - 2011-01-06 00:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 11:10 - 2012-03-13 23:45 - 00000000 ____D () C:\Users\mack\workspace
2015-05-15 16:52 - 2010-12-07 14:54 - 00000000 ____D () C:\Users\mack\AppData\Roaming\inkscape
2015-05-13 17:37 - 2010-10-17 19:49 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-13 00:39 - 2014-03-19 19:19 - 00000000 ____D () C:\Users\mack\AppData\Roaming\CodeBlocks
2015-05-10 17:36 - 2014-12-11 15:11 - 00000000 ____D () C:\Users\mack\AppData\Roaming\Notepad++
2015-05-04 21:40 - 2010-11-11 09:21 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2015-04-30 13:07 - 2015-04-15 06:46 - 00000000 ____D () C:\Users\mack\AppData\Local\JDownloader 2.0
==================== Files in the root of some directories =======
2014-11-26 17:37 - 2014-11-26 17:42 - 352321536 _____ () C:\Program Files (x86)\pmagic_2013_08_01.iso
2015-04-12 08:30 - 2015-04-12 08:30 - 1125626 _____ () C:\Program Files (x86)\ProcessExplorer_16.5.zip
2012-03-16 00:49 - 2012-03-19 12:32 - 0000065 _____ () C:\Users\mack\AppData\Roaming\AcroIEHelpe.txt
2011-01-06 09:01 - 2011-01-06 09:01 - 4182178 _____ (The Public) C:\Users\mack\AppData\Roaming\Avisynth.exe
2011-01-06 09:01 - 2011-01-06 09:01 - 5243208 _____ ( ) C:\Users\mack\AppData\Roaming\AvsP.exe
2011-01-06 09:01 - 2011-01-06 09:01 - 4284535 _____ (ffdshow ) C:\Users\mack\AppData\Roaming\ffdshow.exe
2011-01-06 09:01 - 2011-01-06 09:01 - 2169915 _____ (LIGHTNING UK!) C:\Users\mack\AppData\Roaming\Imgburn.exe
2011-01-06 09:01 - 2011-01-06 09:02 - 7760687 _____ (Boraxsoft) C:\Users\mack\AppData\Roaming\SetupGFD.exe
2012-03-16 00:49 - 2012-03-16 00:49 - 0000136 _____ () C:\Users\mack\AppData\Roaming\srvblck2.tmp
2012-03-16 16:15 - 2012-03-16 16:15 - 0000014 _____ () C:\Users\mack\AppData\Roaming\urhtps.dat
2010-10-20 12:13 - 2015-02-05 14:29 - 0000600 _____ () C:\Users\mack\AppData\Roaming\winscp.rnd
2011-01-06 09:01 - 2011-01-06 09:01 - 0642685 _____ (Xvid team ) C:\Users\mack\AppData\Roaming\xvid.exe
2012-11-17 00:21 - 2012-11-17 00:21 - 0003584 _____ () C:\Users\mack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-21 09:23 - 2010-12-21 09:23 - 0000092 _____ () C:\Users\mack\AppData\Local\fusioncache.dat
2015-05-28 19:09 - 2015-05-28 19:09 - 0022693 _____ () C:\Users\mack\AppData\Local\recently-used.xbel
2012-04-28 18:30 - 2015-05-27 19:55 - 0007604 _____ () C:\Users\mack\AppData\Local\resmon.resmoncfg
2015-05-27 20:01 - 2015-05-27 20:01 - 0000000 _____ () C:\Users\mack\AppData\Local\{4DA5B918-4694-4E02-B4AA-CCBEF9D0FB65}
2014-06-17 18:54 - 2014-06-17 18:54 - 0000000 _____ () C:\Users\mack\AppData\Local\{AD4E2A5B-8F1C-4261-A7B2-3DB6F2A5ED60}
2015-05-13 07:00 - 2015-05-13 07:00 - 0000000 _____ () C:\Users\mack\AppData\Local\{BC2E3E8D-AA4D-457E-8C78-FB09BEEA2E2A}
2011-05-11 11:33 - 2011-05-11 11:33 - 0000000 _____ () C:\Users\mack\AppData\Local\{D448B147-BA49-49DE-82A6-A8D0AA808360}
2011-05-21 16:27 - 2011-05-21 16:27 - 0000000 _____ () C:\Users\mack\AppData\Local\{E700C3C4-2E00-4AE3-B562-67FDE080E09B}
2010-10-16 20:10 - 2010-10-16 20:10 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-08-17 04:32 - 2009-12-24 14:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-10-16 21:23 - 2010-10-17 13:39 - 0009627 _____ () C:\ProgramData\hpzinstall.log
2010-08-17 04:28 - 2010-08-17 04:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-17 04:27 - 2010-08-17 04:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
Some files in TEMP:
====================
C:\Users\mack\AppData\Local\Temp\avgnt.exe
C:\Users\mack\AppData\Local\Temp\procexp64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-24 10:55
==================== End of log ============================
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by mack at 2015-05-30 20:00:51
Running from C:\Users\mack\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3116657491-1295945133-2050658187-500 - Administrator - Disabled)
Gast (S-1-5-21-3116657491-1295945133-2050658187-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3116657491-1295945133-2050658187-1005 - Limited - Enabled)
mack (S-1-5-21-3116657491-1295945133-2050658187-1001 - Administrator - Enabled) => C:\Users\mack
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
3DataManager (HKLM-x32\...\3DataManager) (Version: 2.2 - 3DataManager)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.90 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advanced Backup Manager 4.4.15108.883 (HKLM\...\Advanced Backup Manager) (Version: 4.4.15108.883 - Digital Dynamic)
AFPL Ghostscript 8.53 (HKLM\...\AFPL Ghostscript 8.53) (Version: - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - )
Akamai NetSession Interface (HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.17.7.0 - Ask.com) <==== ATTENTION
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.29 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_UL_Series_Screensaver (HKLM-x32\...\ASUS_UL_Series_Screensaver) (Version: - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Autodesk Design Review 2011 (HKLM-x32\...\Autodesk Design Review 2011) (Version: 11.0.0.86 - Autodesk, Inc.)
Autodesk Design Review 2011 (x32 Version: 11.0.0.86 - Autodesk, Inc.) Hidden
Avira (HKLM-x32\...\{022ef99f-0db2-4efc-964d-5dd2da3151f6}) (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
AvsP (HKLM-x32\...\AvsP_is1) (Version: - )
Bluesoleil2.7.0.13 VoIP Release 071227 (HKLM-x32\...\{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}) (Version: 2.7.0.13 VoIP Release 071227 - IVT Corporation)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{F3586612-687E-4F67-B070-CB511E18B5B3}) (Version: 0.9.13 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05178 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05178 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAS (HKLM-x32\...\DAS) (Version: 4.6.0 - Infineon Technologies AG)
DAS (x32 Version: 4.6.0 - Infineon Technologies AG) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version: - )
DirectVobSub 2.41.6609 (HKLM-x32\...\vsfilter_is1) (Version: 2.41.6609 - MPC-HC Team)
Driver Sweeper Version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
DVD slideshow GUI 0.9.4.0 (HKLM-x32\...\BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1) (Version: DVD slideshow GUI 0.9.4.0 - Tin2tin)
Emu64 V4.30 (HKLM-x32\...\{FB1EBA58-4829-4AE5-A9C8-7170E7BA7005}) (Version: 4.3.0003 - ALFSOFT)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - )
Express Gate (HKLM-x32\...\{B5A5627C-0173-4DB2-ADA8-740479370F67}) (Version: 1.2.13.40 - DeviceVM, Inc.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
foobar2000 v1.1.9 (HKLM-x32\...\foobar2000) (Version: 1.1.9 - Peter Pawlowski)
FOTO AT Fotowelt (HKLM-x32\...\FOTO AT Fotowelt) (Version: - )
Foto-Mosaik-Edda Standard V5.8.0 (HKLM-x32\...\{BF962E1B-D17A-4713-A100-6531A132D83D}_is1) (Version: - Steffen Schirmer)
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
Free Download Manager 3.8 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeCAD 0.15 - A free open source CAD system (HKLM-x32\...\FreeCAD 0.15) (Version: 0.15.4671 - Juergen Riegel)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
gedit 2.30.1 (HKLM-x32\...\gedit_is1) (Version: 2.30.1 - GNOME)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
GnuPG For Windows (HKLM-x32\...\GPG4Win) (Version: 1.1.4 - The Gpg4win Project)
GonVisor 1.74 (HKLM-x32\...\GonVisor_is1) (Version: - G.A.A.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
Graphviz (HKLM-x32\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.38 - AT&T Research Labs.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
GUI for dvdauthor 1.07 (HKLM-x32\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HFSExplorer 0.22.1 (HKLM-x32\...\HFSExplorer) (Version: 0.22.1 - Catacombae Software)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Inkscape 0.48.0 (HKLM-x32\...\Inkscape) (Version: 0.48.0 - )
inSSIDer (HKLM-x32\...\{05479D03-9112-4AEC-A7E7-AA878B078187}) (Version: 2.1.1 - MetaGeek)
iTunes (HKLM\...\{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}) (Version: 11.0.0.163 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
J-Link ARM V4.84f (HKLM-x32\...\J-Link ARM V4.84f) (Version: V4.84f - SEGGER Microcontroller Systeme GmbH)
J-Link V4.98a (HKLM-x32\...\J-Link V4.98a) (Version: V4.98a - SEGGER Microcontroller Systeme GmbH)
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version: 5.14.0.0 - ARM Ltd)
LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
MacDisk version 7.6 (HKLM-x32\...\LSD-MacDisk_is1) (Version: 7.6.0 - Logiciels & Services Duhem)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
ManyCam 3.1.43 (HKLM-x32\...\ManyCam) (Version: 3.1.43 - ManyCam LLC)
Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - )
MatroskaProp (remove only) (HKLM-x32\...\MatroskaProp) (Version: - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{1650E31F-23B8-40B5-A60A-C5934F557E3B}) (Version: 4.6.0.20200 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 13.001.07.01.22 - Huawei Technologies Co.,Ltd)
MotioninJoy DS3 driver version 0.6.0004 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0004 - www.motioninjoy.com)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MP3 M4R Converter v3.0 build 716 (HKLM-x32\...\{4279F631-E2C1-4201-BA3C-C806C1927866}_is1) (Version: - Hoo Technologies)
MP3-Check (v1.0.35.0) (HKLM-x32\...\MP3-Check_is1) (Version: 1.0.35.0 - AudioMoves)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Multimedia Mouse Driver (HKLM-x32\...\InstallShield_{1863AFFE-90C1-406C-A60B-61F7BCF9D71C}) (Version: 3.0 - Ihr Firmenname)
Multimedia Mouse Driver (x32 Version: 3.0 - Ihr Firmenname) Hidden
MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.81.0 - PS3 Media Server)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 5.10 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5958 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RetroShare (HKLM-x32\...\RetroShare) (Version: - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
ScummVM 1.2.1 (HKLM-x32\...\ScummVM_is1) (Version: - )
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.5.0 - PcWinTech.com)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1700 - SRS Labs, Inc.)
Subtitle Edit v3.2.2 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.2.2 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
TransMac version 11.1 (HKLM-x32\...\TransMac_is1) (Version: 11.1 - Acute Systems)
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 1.9.7 (HKLM-x32\...\TVersity Media Server) (Version: 1.9.7 - TVersity)
USB 2.0 UVC 0.3M WebCam (HKLM\...\USB 2.0 UVC 0.3M WebCam) (Version: - )
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VJamm3 3.1.14.0 (HKLM-x32\...\VJamm 3_is1) (Version: 3.1.14.0 - Camart Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wave Editor 3.2.0.8 (HKLM-x32\...\Wave Editor_is1) (Version: 3.2.0.8 - AbyssMedia.com)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2007 5.1.2600.0) (HKLM\...\C6DAD6F60E5B4302F05C32F11473618CAE57F679) (Version: 11/15/2007 5.1.2600.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\240DFA8B9DBB2BEFF5AE826BA90E033A7C417BCB) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\C133949232A5809A75DC9D5EEAAC7AFA8EE7064A) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - MakerBot Industries (usbser) Ports (11/15/2007 5.1.2600.0) (HKLM\...\3054382FA4E9AC823A08FDF371158D3AEE161266) (Version: 11/15/2007 5.1.2600.0 - MakerBot Industries)
Windows Driver Package - MakerBot Industries (usbser) Ports (11/15/2007 5.1.2600.0) (HKLM\...\A2CC78D4F6D86A9038A407CC68A23DABC2EC8A42) (Version: 11/15/2007 5.1.2600.0 - MakerBot Industries)
Windows Driver Package - MakerBot Industries (usbser) Ports (11/15/2007 5.1.2600.0) (HKLM\...\D02BFA1D18A534511E58A5C30EF636268A9B227C) (Version: 11/15/2007 5.1.2600.0 - MakerBot Industries)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows-Treiberpaket - KEIL - Tools By ARM (WinUSB) USB (08/29/2013 1.0.0.3) (HKLM\...\C96E78AFEDFD4529DF572369E6FD81679F49E548) (Version: 08/29/2013 1.0.0.3 - KEIL - Tools By ARM)
Windows-Treiberpaket - NVIDIA Display (11/05/2009 6.14.11.8787) (HKLM\...\F13DBDE9ECDF9E5B733247B7CD7B13A77631CFEB) (Version: 11/05/2009 6.14.11.8787 - NVIDIA)
Windows-Treiberpaket - Segger (jlink) USB (04/11/2012 2.6.8.2) (HKLM\...\419546AE8E4244C647A348987F769803F43B9C4F) (Version: 04/11/2012 2.6.8.2 - Segger)
Windows-Treiberpaket - SEGGER (JLinkCDC_x64) Ports (08/28/2014 6.0.2601.5) (HKLM\...\ED80E3D3A350D18BFD3D3D8DAED8E2B19105763A) (Version: 08/28/2014 6.0.2601.5 - SEGGER)
Windows-Treiberpaket - SEGGER (usbser) Ports (01/25/2012 6.0.2600.4) (HKLM\...\BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1) (Version: 01/25/2012 6.0.2600.4 - SEGGER)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
YTD YouTube Downloader & Converter 3.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - GreenTree Applications SRL)
ZoneAlarm Firewall (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.504 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (x32 Version: 1.8.11.11 - Check Point Software Technologies LTD) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0190B0C7-2FCA-4E91-9B73-D102A87B34F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {0EAB8871-7E1A-4533-9358-27B6B2ADA584} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-16] (Microsoft Corporation)
Task: {153FF763-2919-48B8-9CF2-D346C28B7009} - System32\Tasks\{CA1FA97D-B322-4FED-8E41-24076C42C9E2} => pcalua.exe -a C:\Users\mack\Downloads\vjammlatestblueprintfree\Setup.exe -d C:\Users\mack\Downloads\vjammlatestblueprintfree
Task: {263931EE-CE08-4AD1-8FB5-EBCC2F66097D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {29323A22-613E-4844-AB38-A1D71317D8DE} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {2F2FAC55-3A58-4AF1-A489-651AD1B20BF1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)
Task: {40F562F5-3A88-414D-988B-85EB46E652F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {41549488-74DD-425F-A7F1-4A0213F20BF4} - System32\Tasks\{0ECC246A-78E8-4A07-AE39-87C784E7ADA9} => C:\Program Files (x86)\VJamm Blueprint Free Edition\VJamm_Blueprint.exe
Task: {5774E067-0F81-485E-91E4-E69B5C9D23B1} - System32\Tasks\{06D451D2-AFBF-4929-BAD0-E01B27682368} => pcalua.exe -a C:\Users\mack\Downloads\HijackThis.exe -d C:\Users\mack\Downloads
Task: {777A25F9-D618-4CA8-93C7-51E205CD230B} - System32\Tasks\{AA605E1C-0221-47B8-86ED-F66D07642371} => pcalua.exe -a C:\Users\mack\Downloads\HijackThis(1).exe -d C:\Users\mack\Downloads
Task: {81114E4D-9BB5-4AE8-9643-324C919B2EFF} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-13] (ATK)
Task: {819C6479-536A-4CF6-B5DF-0A50BF31D8D3} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {81B83E1C-4838-4DD1-B572-22C21A3580FC} - System32\Tasks\{65633E0E-4BCB-4D27-8A96-3EF7B9EF7AF9} => C:\Program Files (x86)\VJamm Blueprint Free Edition\VJamm_Blueprint.exe
Task: {8C791A2F-2390-4B11-B94E-79DC36812542} - System32\Tasks\{3EB19E80-8583-4DC7-A7DF-5FE9675ABFB8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {A3D714AB-7D4C-4AB1-AB9F-E310C868EE81} - System32\Tasks\Digital Dynamic\Advanced Backup Manager\Autorun_User_mack => C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupmanager64.exe [2015-04-29] (Digital Dynamic)
Task: {BBBF0D81-34FD-42A9-A2A7-BD3688D65E3C} - System32\Tasks\{23AD55E0-F58D-4319-8730-4434FBDFA9F6} => pcalua.exe -a "C:\Program Files (x86)\FreePDF_XP\setup.exe" -d "C:\Program Files (x86)\FreePDF_XP"
Task: {CC468511-5070-4464-93D9-16FC9F817254} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {D94BE5FA-69E8-4CD0-8A56-3AAE02666E36} - System32\Tasks\{A82D3219-B2E9-444E-A9CB-550BBA14E9C9} => pcalua.exe -a C:\Users\mack\Downloads\numark_omnicontrol_win32_2.8.40_beta\Numark_OMNICONTROL_WIN32_2.8.40_Beta\Setup.exe -d C:\Users\mack\Downloads\numark_omnicontrol_win32_2.8.40_beta\Numark_OMNICONTROL_WIN32_2.8.40_Beta
Task: {FB8FA078-AE29-411E-BC96-EF0BFB8C880B} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {FCD92107-2680-44B9-BF32-89B085FFB265} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-08-17 04:31 - 2010-08-17 04:31 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-08-17 04:31 - 2010-08-17 04:31 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2010-08-17 04:46 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2010-10-16 15:20 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-01-03 11:41 - 2009-04-07 14:53 - 00030440 _____ () C:\Program Files (x86)\dcmsvc\dcmsvc.exe
2008-09-18 10:25 - 2008-09-18 10:25 - 00806912 _____ () C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseDrv.exe
2015-04-29 17:38 - 2015-04-29 17:38 - 01404928 _____ () C:\Program Files (x86)\Digital Dynamic\Advanced Backup Manager\backupsvc5.exe
2007-12-27 15:39 - 2007-12-27 15:39 - 00166520 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
2007-12-27 15:39 - 2007-12-27 15:39 - 00051816 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
2010-12-27 13:49 - 2009-10-12 11:45 - 00312784 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe
2010-08-17 04:46 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-01-05 02:43 - 2010-01-05 02:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 04:11 - 2009-12-19 04:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-08-17 04:46 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-11-24 22:45 - 2009-11-24 22:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2006-05-03 04:49 - 2006-05-03 04:49 - 00028672 _____ () C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseHook.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:2F370DA6
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\Users\mack\Documents\Carsharing_Nutzungsantrag_Kammerer_Markus.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Carsharing_Nutzungsantrag_Kammerer_Markus.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\Carsharing_Nutzungsantrag_Kammerer_Markus.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Carsharing_Nutzungsantrag_Kammerer_Markus.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\e_card.jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\e_card.jpg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\Führerschein_Rückseite_Kammerer_Markus.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Führerschein_Rückseite_Kammerer_Markus.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\Führerschein_Vorderseite_Kammerer_Markus.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Führerschein_Vorderseite_Kammerer_Markus.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\meldebestätigung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\meldebestätigung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\Meldezettel_2013.jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Meldezettel_2013.jpg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\Selbsterhalterstipendium_Kammerer_1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Selbsterhalterstipendium_Kammerer_1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\Selbsterhalterstipendium_Kammerer_2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Selbsterhalterstipendium_Kammerer_2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\sv_fuehrerschein.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\sv_fuehrerschein.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\mack\Documents\Wiener_Linien_Jahreskarte_Kammerer_Markus.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\mack\Documents\Wiener_Linien_Jahreskarte_Kammerer_Markus.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3116657491-1295945133-2050658187-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mack\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files (x86)\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DD7F081A-3B9F-45F9-AF36-70884EB85B96}] => (Allow) LPort=5353
FirewallRules: [{B9157D46-EEC7-44E7-97F5-0617706E4C78}] => (Allow) LPort=8182
FirewallRules: [{B3B9AFCF-2F21-4188-915E-9A2618A7F95E}] => (Allow) svchost.exe
FirewallRules: [{8CB53273-4A38-487E-A438-C45A98C2DADF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{1DA196BC-F45C-40CA-A1BD-C126373F3EB8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E748A37C-71D5-4ED5-AF11-4BF9502A8A8F}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{3716E004-7719-430E-896C-B16BC0C084AB}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{2725F553-8B27-4B92-A18D-C6B7429C3D18}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{2B504C94-2E04-4563-993B-5BBA88200814}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{9C2AF731-4764-4F08-A4AC-D6EB2046AFB1}] => (Allow) LPort=49875
FirewallRules: [{4F967EB3-7178-4F3C-8DA5-A0A62392DCB0}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{A882B0D5-F1B8-4A51-8E95-19B0CBB8A81E}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7F8815B7-F4A0-40E7-8AA1-32ECCE20104A}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [TCP Query User{938755C4-F1A9-41DD-84FC-E3958692A0BA}C:\users\mack\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\mack\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{861A7D2C-42B3-450A-B44B-A3DE7B7F790B}C:\users\mack\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\mack\appdata\local\akamai\netsession_win.exe
FirewallRules: [{66A6BE8F-6D38-4C43-B3A3-95445B0F7FA2}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{496805D5-EB0F-4A04-B477-2F49C9FCDEA0}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{5E67D90A-55B4-4A94-8448-6C5D29A78934}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{2EE3BCE4-448C-4F0F-9D69-B6C79B8422D1}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{F6D0F0CD-C5D4-4F8A-B4CF-FD1FCD126A3B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{21E29F8D-0AE4-46EE-B128-1BACDC6C1BDA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{980FCDA5-35CC-452C-AED0-54A35E16F45A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7552B16-2FA4-468B-B86D-4F6F78D18416}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5F735562-B91E-4371-AFB3-12A8CEB9CC47}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8F42600-53AF-4EAD-8366-30259A60CB10}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1582EB63-A9EE-4E08-AF98-050AAA37807E}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [{2E097EFB-8571-4E95-948B-7BDBB5403CE3}] => (Allow) C:\Users\mack\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0559C367-176C-4770-AD1F-35AC304D51B1}] => (Allow) C:\Users\mack\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D4BF4FB9-2E2E-4279-B979-F18030A7C499}C:\users\mack\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mack\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{28597034-D3B7-41A8-98AD-B8FEDE083EBE}C:\users\mack\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mack\appdata\local\akamai\netsession_win.exe
FirewallRules: [{23E65939-64A5-4841-8E6C-DFCD431FEC8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72309AE0-D82D-4FF4-90CE-C877BBF9596F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBD79CC5-D660-4FF5-ABE2-8CFF85596DF3}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe
FirewallRules: [{75431006-3A67-454B-BD09-463AAD27FE10}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe
FirewallRules: [{C7345A57-5846-41C2-99CD-6216CBFE055D}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_tantino\das_server_tantino.exe
FirewallRules: [{280C88C8-4769-429C-97CB-60F1ABDE40CD}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_tantino\das_server_tantino.exe
FirewallRules: [{8235C2C2-AF64-41F2-838E-54C5E28080D2}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe
FirewallRules: [{3C979EF7-0AD1-41E0-8B1D-F836669B77F7}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe
FirewallRules: [{51A71173-6B90-4AED-9FE9-DF7389AC3E22}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe
FirewallRules: [{006D294A-86EB-4483-9D90-0F0643E31126}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe
FirewallRules: [{581A745E-B47C-45C5-81FE-1472CCB97557}] => (Allow) C:\Program Files (x86)\DAS\servers\UDAS\UDAS.exe
FirewallRules: [{5C1DD7DC-79F1-4042-AAAE-69A661058D16}] => (Allow) C:\Program Files (x86)\DAS\servers\UDAS\UDAS.exe
FirewallRules: [{FCC5D26C-7166-4782-9204-04471D41365C}] => (Allow) C:\Program Files (x86)\DAS\dashpas\das_dashpas.exe
FirewallRules: [{5B723CB8-3879-4C0B-B9C2-E3C5849CD172}] => (Allow) C:\Program Files (x86)\DAS\dashpas\das_dashpas.exe
FirewallRules: [{D0BADDEF-39FF-423E-B13E-853AFF3D391F}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
FirewallRules: [{B16A3DD0-4F1E-4588-9B05-7D407D346E39}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
FirewallRules: [{C9CB2B2D-6C71-4534-ABD4-213EE02FD5EE}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
FirewallRules: [{FF7599B1-53EA-43E9-A829-9454BF8A1FFF}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
FirewallRules: [{AF9A32A5-E1C2-4588-A35A-7F6EFD2DED99}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
FirewallRules: [{E5908A6F-675C-406E-BB11-5DFACF8E9D49}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
FirewallRules: [{2D75A763-9033-480C-B6B5-7BFCF7D56018}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
FirewallRules: [{C9DEA4FC-3471-4AC4-BA8B-9703E4A8B1A5}] => (Allow) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
FirewallRules: [{FD0E43A8-5D78-4B53-AD06-AA69EF8889CC}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe
FirewallRules: [{C2ED0F10-4259-4FAF-B1E4-F7C52F1BDD58}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_jtag_over_usb_chip\das_server_jtag_over_usb_chip.exe
FirewallRules: [{B109F85A-79C6-45A1-BBEB-F31D16FE7C44}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_tantino\das_server_tantino.exe
FirewallRules: [{936AB318-E7BE-440A-B947-DA3B9E0CCC5C}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_tantino\das_server_tantino.exe
FirewallRules: [{FADB770D-38F2-4A15-B6D6-687DCE4378E2}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe
FirewallRules: [{5BCDC60D-5E03-4772-96E3-7BB1D72FCEBA}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_box\das_server_usb11_jtag_over_usb_box.exe
FirewallRules: [{179DBB96-7370-4321-99E3-48C07C20EB79}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe
FirewallRules: [{7118A0B5-D6D1-41EB-9414-F1D7AB03ED53}] => (Allow) C:\Program Files (x86)\DAS\servers\das_server_usb11_jtag_over_usb_sscmbox\das_server_usb11_jtag_over_usb_sscmbox.exe
FirewallRules: [{52EC9C8E-B515-448E-9413-2889B28A54D8}] => (Allow) C:\Program Files (x86)\DAS\servers\UDAS\UDAS.exe
FirewallRules: [{7203D3B1-17B0-4280-BBBD-B917DD62160E}] => (Allow) C:\Program Files (x86)\DAS\servers\UDAS\UDAS.exe
FirewallRules: [{C01C06AB-7548-44E0-8299-CF1312456F4C}] => (Allow) C:\Program Files (x86)\DAS\dashpas\das_dashpas.exe
FirewallRules: [{9FB8CD79-4729-4EB6-8BF4-27D75A25D614}] => (Allow) C:\Program Files (x86)\DAS\dashpas\das_dashpas.exe
FirewallRules: [{B91A5886-C3D9-4BD6-B84E-65B77C8A80A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/29/2015 07:38:19 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.17929 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 4632. Meldungs-ID: [0x2509].
Error: (05/29/2015 07:37:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34554924
Error: (05/29/2015 07:37:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34554924
Error: (05/29/2015 07:37:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/28/2015 05:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18132433
Error: (05/28/2015 05:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18132433
Error: (05/28/2015 05:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/28/2015 00:07:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3588
Error: (05/28/2015 00:07:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3588
Error: (05/28/2015 00:07:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (05/28/2015 07:58:46 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (05/28/2015 06:02:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/28/2015 06:02:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/28/2015 05:59:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/28/2015 05:59:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/28/2015 05:57:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (05/28/2015 05:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/28/2015 05:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/28/2015 05:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/28/2015 05:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (05/29/2015 07:38:19 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.17929 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 4632. Meldungs-ID: [0x2509].
Error: (05/29/2015 07:37:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34554924
Error: (05/29/2015 07:37:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34554924
Error: (05/29/2015 07:37:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/28/2015 05:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18132433
Error: (05/28/2015 05:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18132433
Error: (05/28/2015 05:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/28/2015 00:07:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3588
Error: (05/28/2015 00:07:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3588
Error: (05/28/2015 00:07:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2015-05-30 20:01:46.418
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-30 19:52:43.885
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-30 19:23:47.851
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-29 17:06:16.510
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 08:40:17.626
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 07:49:48.351
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-28 07:31:13.588
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-27 19:36:38.978
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-27 17:47:17.027
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-27 17:25:09.325
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU U7300 @ 1.30GHz
Percentage of memory in use: 68%
Total physical RAM: 4061.02 MB
Available physical RAM: 1266.78 MB
Total Pagefile: 8120.23 MB
Available Pagefile: 4750.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:3.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:61.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended)
==================== End of log ============================
GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-30 20:47:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0003 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\mack\AppData\Local\Temp\fftcypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800039a6000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800039a602f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075fb1465 2 bytes [FB, 75]
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075fb14bb 2 bytes [FB, 75]
.text ... * 2
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075fb1465 2 bytes [FB, 75]
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075fb14bb 2 bytes [FB, 75]
.text ... * 2
.text C:\Users\mack\AppData\Local\Akamai\netsession_win.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075fb1465 2 bytes [FB, 75]
.text C:\Users\mack\AppData\Local\Akamai\netsession_win.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075fb14bb 2 bytes [FB, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fcf408320
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fcf408320@001167f9f30c 0x95 0xB1 0x05 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fcf408320 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fcf408320@001167f9f30c 0x95 0xB1 0x05 0x4F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42A2231E-B776-79A2-22B6-4A8D486D0CD7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42A2231E-B776-79A2-22B6-4A8D486D0CD7}@panoifpjbfhomdempbajngmdcffndnfl 0x6A 0x61 0x62 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42A2231E-B776-79A2-22B6-4A8D486D0CD7}@oapocikdkkcimnebgidcoeannndcnf 0x6B 0x61 0x62 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E77FEA39-C0AB-17B9-B7F2-04FD4D2D829B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E77FEA39-C0AB-17B9-B7F2-04FD4D2D829B}@paondfepgcijccjdkgfepbmpbnbcahhc 0x6B 0x61 0x63 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E77FEA39-C0AB-17B9-B7F2-04FD4D2D829B}@oamnfgfjffjbbdnoigdlfhlhmfgneb 0x6B 0x61 0x6A 0x69 ...
---- EOF - GMER 2.1 ----