Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Sicherheitsupdate für W7 wiederholt sich.. (https://www.trojaner-board.de/164803-sicherheitsupdate-w7-wiederholt.html)

Zenon49 07.03.2015 04:06
Sicherheitsupdate für W7 wiederholt sich..
 
Ich weiß leider nichtmal genau ob man das als Schädling einstufen kann.

Ich habe seit Mai 2014 ein bestimmtes Sicherheitsupdate von Windows 7 (64bit), das sich ständig neu installieren will. Es wird im Windows Update Verlauf wie folgt gelistet und ist an manchen Tagen etwa 5x vertreten:
Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2871997)

Naja das Problem ist, egal wie oft ich's installiere (es wird mir auch gemeldet, dass es korrekt installiert wurde), nach 5 Minuten kommt dann aber die Meldung(es muss nichtmal ein Neustart erfolgt sein): Neue Updates sind verfügbar - 1 wichtiges Update ist verfügbar!
Und ebendieses Update ist immer das gleiche ->(KB2871997)

Screenshot:
abload.de/img/kb2871997_543573803ryi.jpg

Ich hab' vor einiger Zeit einen Windows Update Fix probiert, aber das war ohne Erfolg und so blieb das Problem bestehen. Hat jemand vielleicht Rat oder kennt diese Problematik?

schrauber 07.03.2015 10:15
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Zenon49 07.03.2015 13:31
FRST.txt


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by ***** (administrator) on ACER-A-5750G on 07-03-2015 13:00:54
Running from C:\mediaTOOLS\FSRT64 - Analysetool
Loaded Profiles: ***** & postgres (Available profiles: ***** & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(PcWinTech.com) C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(GameplayCrush) C:\mediaTOOLS\WindowedBorderlessGaming_2.1.0.0\WindowedBorderlessGaming.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Valve Corporation) C:\STEAM\Steam.exe
(Valve Corporation) C:\STEAM\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\STEAM\bin\steamwebhelper.exe
(MPC-HC Team) C:\Program Files (x86)\MPC-HC\mpc-hc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-08-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1208944 2015-02-12] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [TrueCrypt] => C:\TrueCrypt\TrueCrypt.exe [1516496 2012-07-08] (TrueCrypt Foundation)
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [] => [X]
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\RunOnce: [Adobe Speed Launcher] => 1425622892
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {02eeeef4-2cfb-11e1-ba90-001e101f3315} - J:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {0475378d-32aa-11e2-8192-ccaf782b6b87} - F:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {275d2127-8503-11e4-bf0b-001e101fb681} - J:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {70b29a9b-66a5-11e3-a510-95cbebbf525b} - E:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {72346b6d-066f-11e1-bd5a-ccaf782b6b87} - G:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {93b6411b-d8e9-11e1-a64f-a80ba72e425a} - G:\Startup.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {adcea6d9-382f-11e2-bf41-ccaf782b6b87} - G:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {b5f2c873-01a7-11e3-85cc-b870f4b50047} - E:\LGAutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {c118cd0b-05ab-11e1-9044-ccaf782b6b87} - J:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {c118cd17-05ab-11e1-9044-ccaf782b6b87} - A:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {c80d1c00-2a1c-11e3-9dec-b870f4b50047} - H:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {ca276179-6d38-11e1-b750-b870f4b50047} - E:\Startme.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {e8848cab-6ef1-11e1-8bb0-001e101f8aaa} - F:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {eb496a0c-f8de-11e0-9bb8-ccaf782b6b87} - E:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {eb496a1a-f8de-11e0-9bb8-ccaf782b6b87} - F:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {eec7add2-fa75-11e0-b411-ccaf782b6b87} - E:\AutoRun.exe
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1687097068-401554184-1692899982-1054\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\S-1-5-21-1687097068-401554184-1692899982-1054\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-07] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-08-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-08-01] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://acer.de.msn.com/
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1687097068-401554184-1692899982-1054 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKU\S-1-5-21-1687097068-401554184-1692899982-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{05DE8C78-3AC9-4B2C-9D85-13F5F33A6FFC}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{26141D4E-6B47-47A4-BE21-0F9864CC4ED8}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{28490DBF-A1C0-4920-AF28-50ECAEC29186}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{3B5A7CEE-5BDD-41C2-8099-5B5B5E9F3473}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{60AA6E3A-F8B7-4493-B253-ED25FEC3BE48}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{6D6AD976-9958-4895-B655-7562A517A433}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{7236F28B-4F21-47D1-BDB6-6FEF4857AD9A}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{ACFBF600-384E-4311-B0B7-79BC6ED5A56E}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BB5550E0-672D-4085-89B5-6D45CA7386B3}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BE6BFEF7-058C-4742-A3B9-624C3714AA79}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{D893661C-D7C1-49DF-AAC3-BCEA438691C7}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{E6B34D56-B1B1-4ACF-9922-063A5EBB478F}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-07]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firefox@ghostery.com.xpi [2015-02-04]
FF Extension: Mailvelope - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-02-26]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-07]
FF Extension: QuickImage - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{B9FBA24F-5573-4889-80AC-80809FB9C425}.xpi [2014-12-11]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]
FF Extension: Greasemonkey - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-12]
FF Extension: QuickJava - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-11]
FF Extension: UnMHT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-10-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360网页保护 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2014-11-23]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2015-01-01] (EasyAntiCheat Ltd)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2011-10-17] () [File not signed]
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S4 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-07] ()
R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2011-04-15] (PostgreSQL Global Development Group) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [813680 2015-02-12] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 CLKMSVC10_9EC60124; "C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2014-11-20] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-02-12] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-02-12] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-11-20] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-02-12] (Qihu 360 Software Co., Ltd.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
S1 Aspi32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-26] ()
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-02-12] (Qihu 360 Software Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-25] (Disc Soft Ltd)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-10-17] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-28] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-25] () [File not signed]
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
R0 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-01-08] (IDRIX)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
U2 TwoToXDfrgSrvc; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 05:44 - 2015-03-07 13:00 - 00000000 ____D () C:\FRST
2015-03-06 07:01 - 2015-03-06 07:02 - 02126848 _____ () C:\Users\*****\Downloads\AdwCleaner_4.111.exe
2015-03-06 06:37 - 2015-03-06 06:37 - 01388333 _____ (Thisisu) C:\Users\*****\Downloads\JRT(1).exe
2015-03-06 05:17 - 2015-03-06 05:18 - 07019963 _____ () C:\Users\*****\Downloads\Forsaken 64 (E).zip
2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\Program Files (x86)\Project64 2.1
2015-03-06 03:59 - 2015-03-06 04:00 - 04489075 _____ ( ) C:\Users\*****\Downloads\setup Project64 2.1.exe
2015-03-05 23:42 - 2015-03-05 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-03-05 18:15 - 2015-03-05 18:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Ndemic Creations
2015-03-04 20:29 - 2015-03-04 20:29 - 00000000 ____D () C:\Users\*****\Documents\SEGA
2015-03-02 00:23 - 2015-03-06 07:15 - 00000021 _____ () C:\Windows\S.dirmngr
2015-03-01 19:27 - 2015-03-01 19:27 - 00000000 ____D () C:\Users\*****\AppData\Local\CAPCOM
2015-03-01 18:13 - 2015-03-01 18:13 - 00012295 _____ () C:\Users\*****\Documents\bafoeg_kram_etc24732897.odt
2015-02-27 21:27 - 2015-02-27 21:44 - 00000000 ____D () C:\Program Files (x86)\inCloak VPN
2015-02-27 21:27 - 2015-02-27 21:27 - 00002711 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inCloak VPN.lnk
2015-02-27 21:27 - 2015-02-27 21:27 - 00002705 _____ () C:\Users\Public\Desktop\inCloak VPN.lnk
2015-02-27 21:24 - 2015-02-27 21:24 - 05593268 _____ (Your Company Name ) C:\Users\*****\Downloads\incloak_vpn_1.03.exe
2015-02-26 12:10 - 2015-02-26 12:10 - 00001384 _____ () C:\Users\*****\Documents\Cryptophane.txt
2015-02-26 11:57 - 2015-02-26 12:10 - 00000000 ____D () C:\Program Files (x86)\Cryptophane
2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cryptophane
2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptophane
2015-02-24 19:14 - 2015-02-24 19:47 - 00014888 _____ () C:\Users\*****\Downloads\movies.odb
2015-02-24 15:43 - 2015-02-24 15:43 - 00034789 _____ () C:\Users\*****\Downloads\Rechnung 70915.0-15  Ihre Bestellung ONL3893 vom 24.02.2015.zip
2015-02-23 15:42 - 2015-03-06 07:14 - 00007400 _____ () C:\Windows\PFRO.log
2015-02-22 16:29 - 2015-02-22 16:29 - 00001113 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-02-22 16:29 - 2015-02-22 16:29 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-02-22 01:23 - 2015-02-22 01:23 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XLMSoft
2015-02-17 18:32 - 2015-02-17 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOOKcook Bücherverwaltung
2015-02-17 18:32 - 2015-02-17 18:32 - 00000000 ____D () C:\Program Files (x86)\XLM Software
2015-02-17 18:28 - 2015-02-17 18:28 - 00967704 _____ (XLM Software Axel Meierhöfer ) C:\Users\*****\Downloads\BOOKcookSetup_v1.43.1(FEB_2015).exe
2015-02-15 15:30 - 2015-02-15 15:30 - 00001958 _____ () C:\Users\*****\Desktop\Kindle.lnk
2015-02-15 15:30 - 2015-02-15 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-02-15 15:26 - 2015-02-15 15:29 - 40790520 _____ (Amazon.com) C:\Users\*****\Downloads\KindleForPC-installer(1).exe
2015-02-13 21:37 - 2015-02-13 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Foxit Software
2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-02-13 21:35 - 2015-02-13 21:35 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-02-13 21:27 - 2015-02-13 21:29 - 53078632 _____ (Foxit Software Inc. ) C:\Users\*****\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe
2015-02-13 21:09 - 2015-02-13 21:10 - 04307793 _____ () C:\Users\*****\Downloads\ICE Book Reader 9.4.0 Portable.7z
2015-02-10 21:45 - 2015-02-10 21:46 - 02201614 _____ (Raid-Rush ) C:\Users\*****\Downloads\xupper-setup.exe
2015-02-10 14:21 - 2015-02-10 14:21 - 01976342 _____ () C:\Users\*****\Downloads\LIT.ME.DN.4952581.RAR
2015-02-10 09:42 - 2015-02-10 09:43 - 00000000 ____D () C:\Users\*****\Desktop\Tor Browser
2015-02-10 09:33 - 2015-02-10 09:38 - 34662667 _____ () C:\Users\*****\Downloads\torbrowser-install-4.0.3_de.exe
2015-02-07 15:44 - 2015-03-06 07:16 - 00002308 _____ () C:\Windows\setupact.log
2015-02-07 15:44 - 2015-02-07 15:49 - 04934448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-07 15:44 - 2015-02-07 15:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 07:24 - 2015-02-06 07:24 - 00000955 _____ () C:\Users\*****\Desktop\MakeMKV.lnk
2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2015-02-06 07:23 - 2015-02-06 07:24 - 06449418 _____ (GuinpinSoft inc) C:\Users\*****\Downloads\Setup_MakeMKV_v1.9.1.exe
2015-02-05 11:00 - 2015-02-05 11:00 - 00996044 _____ () C:\Users\*****\Downloads\Meteorite-v0.11-Win32.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 13:00 - 2014-12-17 07:47 - 00000000 ____D () C:\mediaTOOLS
2015-03-07 10:50 - 2011-08-21 02:10 - 01195268 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 06:04 - 2013-09-03 21:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2015-03-07 05:14 - 2011-10-16 16:57 - 00000000 ____D () C:\STEAM
2015-03-07 02:38 - 2011-11-21 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\foobar2000
2015-03-07 00:16 - 2014-10-27 11:04 - 00000000 ____D () C:\Users\*****\AppData\Local\JDownloader 2.0
2015-03-06 20:37 - 2013-12-19 16:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Copy
2015-03-06 07:27 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:27 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:18 - 2013-12-21 21:29 - 00000000 ____D () C:\ProgramData\VMware
2015-03-06 07:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 07:14 - 2014-12-07 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 07:06 - 2014-10-29 17:07 - 00000000 ____D () C:\AdwCleaner
2015-03-06 06:35 - 2015-01-27 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 06:34 - 2014-12-07 12:00 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-06 06:34 - 2014-12-07 12:00 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-06 06:34 - 2014-05-20 02:12 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-06 06:34 - 2011-10-15 13:39 - 00001425 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-05 23:42 - 2013-10-02 04:34 - 00000576 _____ () C:\Users\Public\Desktop\Fraps.lnk
2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () C:\ProgramData\vid
2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () C:\ProgramData\tks
2015-03-05 11:59 - 2011-08-21 12:02 - 00704750 _____ () C:\Windows\system32\perfh007.dat
2015-03-05 11:59 - 2011-08-21 12:02 - 00151886 _____ () C:\Windows\system32\perfc007.dat
2015-03-05 11:59 - 2009-07-14 06:13 - 01630642 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 11:34 - 2013-10-02 05:44 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
2015-03-03 06:13 - 2013-10-02 05:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-02 13:42 - 2012-01-27 20:44 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TS3Client
2015-03-02 00:37 - 2013-11-02 11:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gnupg
2015-03-02 00:24 - 2013-09-26 18:46 - 00000000 ____D () C:\Users\postgres
2015-03-01 18:13 - 2014-10-20 07:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2015-03-01 18:13 - 2013-12-17 13:32 - 00000000 ___RD () C:\Dropbox
2015-02-28 04:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 __SHD () C:\$360Section
2015-02-27 23:46 - 2014-11-23 13:35 - 00000000 ____D () C:\ProgramData\360safe
2015-02-27 23:45 - 2012-08-01 17:38 - 00000000 ____D () C:\Users\*****\Downloads\ReFX.Vanguard.VSTi.RTAS.v1.8.0-AiR
2015-02-24 18:09 - 2011-10-19 18:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\IrfanView
2015-02-24 17:58 - 2013-10-02 04:55 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Notepad++
2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-02-23 17:10 - 2014-11-23 13:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\360safe
2015-02-23 17:09 - 2013-11-05 02:09 - 00000000 ____D () C:\Users\*****\Documents\My Kindle Content
2015-02-23 16:06 - 2011-12-09 00:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2015-02-23 16:05 - 2012-05-03 11:51 - 00001028 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2015-02-23 16:05 - 2012-05-03 11:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-22 16:33 - 2012-07-09 06:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-18 04:27 - 2011-11-08 21:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SoftGrid Client
2015-02-17 02:22 - 2013-11-05 01:13 - 00000000 ____D () C:\Users\*****\Documents\Calibre Library
2015-02-16 03:02 - 2012-07-09 18:26 - 00001063 _____ () C:\Users\*****\Documents\iTLU_profile_a.itlu
2015-02-15 15:30 - 2011-11-26 02:32 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-14 11:36 - 2011-11-11 02:58 - 00012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 21:22 - 2014-04-08 22:12 - 00000000 ____D () C:\Program Files (x86)\ICE Book Reader Professional
2015-02-12 14:35 - 2014-11-23 13:37 - 00077896 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-02-12 14:35 - 2014-11-23 13:35 - 00314448 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360fsflt.sys
2015-02-12 14:35 - 2014-11-23 13:35 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2015-02-12 14:35 - 2014-11-23 13:34 - 00305736 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2015-02-10 12:18 - 2014-04-08 20:53 - 00000000 ____D () C:\Users\*****\Downloads\ebooks
2015-02-06 10:40 - 2013-04-18 22:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\HandBrake
2015-02-06 07:17 - 2014-12-16 10:11 - 00000040 ___SH () C:\ProgramData\.zreglib
2015-02-06 07:05 - 2014-10-23 20:13 - 00000000 ____D () C:\Metabones
2015-02-06 06:23 - 2012-07-03 17:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 06:23 - 2011-10-15 14:00 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2015-02-06 06:23 - 2011-07-22 05:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-11-07 01:33 - 2014-11-07 01:33 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-10-15 18:16 - 2011-10-16 00:13 - 0000288 _____ () C:\Users\*****\AppData\Roaming\.backup.dm
2012-01-23 19:49 - 2015-01-30 02:27 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-04-27 00:20 - 2015-02-01 01:43 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-31 02:41 - 2014-03-31 02:49 - 0002352 _____ () C:\Users\*****\AppData\Roaming\ASSDraw3.cfg
2011-10-19 19:08 - 2013-07-19 00:42 - 0000072 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini
2012-06-20 04:23 - 2012-06-20 04:28 - 0311550 _____ () C:\Users\*****\AppData\Roaming\CodecsLE_Install.log
2012-06-20 04:26 - 2012-06-20 04:26 - 0314526 _____ () C:\Users\*****\AppData\Roaming\CodecsPE_Install.log
2015-01-10 00:30 - 2015-01-10 00:45 - 0000652 _____ () C:\Users\*****\AppData\Roaming\haj-log_2015-01-10 00_30_45.mjf
2012-06-19 16:13 - 2012-06-19 16:43 - 10008278 _____ () C:\Users\*****\AppData\Roaming\MediaComposer_Install.log
2013-12-08 14:15 - 2013-12-08 14:33 - 0001331 _____ () C:\Users\*****\AppData\Roaming\SplotchesConfig.dat
2012-01-23 16:57 - 2012-11-04 11:10 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2011-11-11 02:58 - 2015-02-14 11:36 - 0012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 16:34 - 2014-12-21 08:40 - 18831572 _____ () C:\Users\*****\AppData\Local\OcrMap.bin
2012-07-16 08:40 - 2012-07-16 08:40 - 0007607 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-12-16 10:11 - 2015-02-06 07:17 - 0000040 ___SH () C:\ProgramData\.zreglib
2011-08-21 02:32 - 2011-08-21 02:34 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-10-19 06:28 - 2014-10-19 06:28 - 0000000 _____ () C:\ProgramData\JonDoFox.paf.exe
2011-10-19 22:41 - 2011-10-19 22:41 - 0000139 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-08-06 17:08 - 2013-08-06 17:09 - 0000032 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\ProgramData\JonDoFox.paf.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7gkkcl.dll
C:\Users\*****\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\*****\AppData\Local\Temp\proxy_vole8766952842855467977.dll
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 04:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Kommentar:
-Hab den Log mal durgeschaut und meinen Nutzernamen wie empfohlen durch ***** ersetzt, der Nutzer postgres ist mir unbekannt und wurde NIE erstellt..
-Bei Avast wurde probiert, es zu entfernen.. anscheinend nach dem Log aber noch Rückstände? Nutze nun 360 Security..
-Bei LastPass & Cloudfrogger sind anscheinend auch noch Reste da obwohl früher deinstalliert?!
-Ich hatte früher mal eine Komplettinstallation von Visual Studio am laufen, während dessen gab's bei mir einen Stromausfall in der Stadt. Viele Sachen die geändert wurden musste ich mühselig per Hand deinstallieren um eine Neuistallation zu ermöglichen und ich vermute da ist vielleicht einiges durcheinander gekommen..

Zenon49 07.03.2015 13:40
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by ***** at 2015-03-07 13:01:39
Running from C:\mediaTOOLS\FSRT64 - Analysetool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled

manually.)

 Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.0.0.1140 - 360 Security Center)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2

- Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version:

15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems

Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Aiseesoft Blu-ray Player 6.2.28 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.28 - Aiseesoft Studio)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.1 - Microsoft Corporation) Hidden
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.10.0.574 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BluFab 9.1.4.4 (05/06/2014) (HKLM-x32\...\BluFab 9_is1) (Version:  - BluFab Software)
BOOKcook Bücherverwaltung 1.43.1 (HKLM-x32\...\BOOKcook Bücherverwaltung_is1) (Version:  - XLM Software Axel Meierhöfer)
Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Capsized (HKLM-x32\...\Steam App 95300) (Version:  - Alientrap)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version:

15.4.5722.2 - Microsoft Corporation)
Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version:

15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version:

15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version:

15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version:

15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version:

15.4.5722.2 - Microsoft Corporation)
Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version:  - SEGA)
Cryptophane 0.7.0 (HKLM-x32\...\Cryptophane_is1) (Version: 0.7.0 - eCOSM)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Darkout (HKLM-x32\...\Steam App 257050) (Version:  - Allgraf)
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version:  - Rising Star Games)
Desura (HKLM-x32\...\Desura) (Version: 100.58 - Desura)
Desura: BEEP (HKLM-x32\...\Desura_62843961475104) (Version: Full - Big Fat Alien)
Desura: Lunar Wish: Orbs Of Fate (HKLM-x32\...\Desura_101640401059872) (Version: Full - lustermx)
Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
Desura: OpenArena (HKLM-x32\...\Desura_24597277704224) (Version: Full - FSFPS project contributors)
Desura: Particulars (HKLM-x32\...\Desura_95674691485728) (Version: Alpha - SeeThrough Studios)
Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
DF CrcSfv 1.3 (HKLM-x32\...\DF CrcSfv_is1) (Version:  - Frischalowski EDV-Beratung)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 -

Microsoft Corporation)
Epic Battle Fantasy 4 (HKLM-x32\...\Steam App 265610) (Version:  - Matt Roszak)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version:  - )
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft

Corporation)
Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version:  - Stardock Entertainment)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FFMpegSource Plugin (HKLM-x32\...\FFMpegSource Plugin_is1) (Version:  - )
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-

3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GetNZB Version 1.370 (HKLM-x32\...\GetNZB_is1) (Version: 1.370 - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Helium Audio Joiner (build 331) (HKLM-x32\...\{1C7BCE67-6479-4D56-AD92-E50479028171}_is1) (Version: 1.9.0.331 - Imploded Software)
Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version:  - )
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\ICQ) (Version: 8.2.6901.0 - ICQ)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
inCloak VPN (HKLM-x32\...\{23493C78-637B-4A3F-BE08-CE9A2E6241A9}) (Version: 1.03 - Your Company Name)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 -

Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2

- Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 64 (HKLM-x32\...\InstallShield_{58BF5D14-CBCF-473C-B0E0-A7955A23224E}) (Version:  - )
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version:  - Stainless Games)
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes

Corporation)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Memory Profiler (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 -

Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft

Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft

Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 -

Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft

Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 -

Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft

Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft

Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft

Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft

Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 -

Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 -

Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft

Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft

Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft

Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft

Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft

Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 -

Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version:

12.0.30919.1 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 2.0 (HKLM-x32\...\{F17B8386-A74A-4E4E-A7DD-435372991E14}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version:

8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft

Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft

Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft

Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft

Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 -

Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 -

Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version:

9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version:

9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 -

Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 -

Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 -

Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729

- Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version:

9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:

9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 -

Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219

- Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version:

11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version:

11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version:

11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version:

11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version:

12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version:

12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64))

(Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for

Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 mit Update 3 (HKLM-x32\...\{c5f1b3cc-a03d-44d8-be17-21252a106599}) (Version: 12.0.30723 -

Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft

Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft

Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 -

Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 -

Microsoft Corporation)
Moppi Flower Saver 1.0 (HKLM-x32\...\Moppi Flower Saver Installer_is1) (Version:  - )
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
MSU Video Quality Measurement Tool 3.0 DEMO 3.0 (HKLM\...\MSU Video Quality Measurement Tool 3.0 DEMO_is1) (Version:  - MSU CS

Graphics & Media Lab (Video Group))
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA CUDA Samples 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVisualStudioIntegration_6.5) (Version:

6.5 - NVIDIA Corporation)
NVIDIA GPU Deployment Kit 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GDK) (Version: 340.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.62 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 4.1.0.14204 (HKLM\...\{FEDB4463-83C0-4259-B119-5FE9C64A277F}) (Version: 4.1.0.14204 - NVIDIA

Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA

Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{4D983759-07FC-4571-BB59-58C9BBADECC5}) (Version: 1.00.00.00 - NVIDIA

Corporation)
NVIDIA Update 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.23 - NVIDIA

Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706})

(Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31})

(Version: 15.4.5722.2 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-

6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005

- Microsoft Corporation) Hidden
Pauker (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Pauker) (Version:  - Ronny Standtke)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Python Tools - Umleitungsvorlage (x32 Version: 1.2 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version:  - CAPCOM Co., Ltd.)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe)

(Version: 1.0.0 - DMAILER)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Sigil 0.8.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 4.0.1410.24) (Version: 4.0.1410.24 - Solveig

Multimedia)
Spotify (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Swirl Abstracts Screensaver (HKLM-x32\...\{4c94c56f-d808-406b-a7d1-0f956de45a8a}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTION
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.62 - NesterSoft Inc.)
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
TP-LINK TL-WN721N_WN722N Treiber (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.2.1 - TP-LINK)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
Unreal Development Kit: 2012-10 (HKLM\...\UDK-0a6a40ea-8287-4f25-ac5a-8c34b192a2bc) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2

- Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 -

Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-1 - IDRIX)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft

Corporation)
Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft

Corporation)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F})

(Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 -

Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 -

Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 -

Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version:

15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 -

Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 -

Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 -

Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version:

05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
YAMB (HKLM-x32\...\YAMB) (Version:  - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F})

(Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version:

15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft

Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft

Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 -

Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft

Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 ->

C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-02-2015 16:28:51 Geplanter Prüfpunkt
23-02-2015 17:10:38 Windows Update
23-02-2015 17:12:54 Windows Update
27-02-2015 21:26:07 Installed inCloak VPN.
27-02-2015 21:29:54 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
07-03-2015 03:46:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2011-10-17 01:09 - 00002013 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de
127.0.0.1 wip3.adobe.de
127.0.0.1 3dns-3.adobe.de

There are 8 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be

moved.)

Task: {0172E992-E646-49FF-8B3A-469A29270AA3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM

\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {2CAD0DF8-C7F0-4EC2-A9B6-A7C1E630629F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21]

(Piriform Ltd)
Task: {2EBAF774-0FC2-462D-9AEC-1661DD36D74F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {4DBA96C8-2A39-4E3F-95BB-AC16C0C195AB} - System32\Tasks\CleanMem Mini Monitor => C:\Program Files (x86)\CleanMem

\mini_monitor.exe [2012-09-20] (PcWinTech.com)
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File

<==== ATTENTION
Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION
Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File

<==== ATTENTION
Task: {90C36BFD-4BF6-4086-AD5B-A3E4BC351F95} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B2090BC7-797E-4A64-A768-2964C3CCC0D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software

Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B48AF527-D3AB-4E96-88D9-0D756DF4CC22} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast

\AvastEmUpdate.exe
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Task: {C63B5B04-E629-4896-8F00-E2D97FFB3B28} - System32\Tasks\AdobeAAMUpdater-1.0-acer-a-5750g-***** => C:\Program Files (x86)\Common

Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {CC220CD3-C427-4154-A3B3-F59CD895A618} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20]

(PcWinTech.com)
Task: {FEF89A0A-55EB-4DAA-8E53-27B7837036C4} - System32\Tasks\{34EE32BD-3F39-4310-9FC9-9238E6DD1C78} => pcalua.exe -a C:\Users\*****

\Downloads\VirtualBox-4.3.4-91027-Win.exe -d C:\Users\*****\Downloads

==================== Loaded Modules (whitelisted) ==============

2014-11-23 13:34 - 2015-02-12 14:35 - 00813680 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
2014-10-26 23:05 - 2014-08-01 06:42 - 00013272 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-27 00:08 - 2014-08-01 04:45 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-23 13:34 - 2015-02-12 14:35 - 00612944 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-02-02 02:30 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-10-07 15:54 - 2013-10-07 15:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2010-11-16 14:38 - 2010-11-16 14:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2011-10-17 18:03 - 2011-10-17 18:02 - 00514048 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2013-09-05 21:00 - 2013-09-07 02:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-26 18:43 - 2011-04-15 13:13 - 00216064 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2013-09-26 18:43 - 2010-05-07 08:48 - 01333760 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2014-06-12 16:44 - 2014-06-12 16:44 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2011-07-22 05:54 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-23 13:34 - 2015-02-12 14:35 - 01208944 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support

\libxml2.dll
2014-10-26 23:05 - 2014-08-01 06:42 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 15:47 - 2013-10-07 15:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 15:44 - 2013-10-07 15:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00428032 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00261632 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 09515520 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00381952 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL
2011-10-17 18:03 - 2011-10-17 18:02 - 00218112 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00135168 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00545280 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00238080 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00301056 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00235008 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00159232 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00176128 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00264704 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00217600 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00156672 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00338432 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00106496 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 01077248 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00670720 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00550400 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00547840 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00211968 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00101376 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00180224 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00131072 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 01101824 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00278528 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00495104 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00123392 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00184832 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00308224 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00428032 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00093184 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00333312 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00249344 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00483328 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00808960 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00739328 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00239104 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL
2011-10-17 18:03 - 2011-10-17 18:03 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00229888 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-07 00:42 - 2014-01-07 00:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2014-03-10 21:47 - 2014-03-10 21:47 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop

\ae685719bd599604bdf031cdad0ba38a\IsdiInterop.ni.dll
2011-07-22 05:10 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\STEAM\SDL2.dll
2015-02-07 16:26 - 2014-12-02 01:29 - 05002752 _____ () C:\STEAM\v8.dll
2015-02-07 16:26 - 2014-12-02 01:29 - 01612800 _____ () C:\STEAM\icui18n.dll
2015-02-07 16:26 - 2014-12-02 01:29 - 01210368 _____ () C:\STEAM\icuuc.dll
2014-05-22 02:54 - 2015-02-19 00:51 - 02360000 _____ () C:\STEAM\video.dll
2014-09-25 17:01 - 2014-12-01 22:31 - 02396672 _____ () C:\STEAM\libavcodec-56.dll
2014-09-25 17:01 - 2014-12-01 22:31 - 00442880 _____ () C:\STEAM\libavutil-54.dll
2014-09-25 17:01 - 2014-12-01 22:31 - 00479744 _____ () C:\STEAM\libavformat-56.dll
2014-09-25 17:01 - 2014-12-01 22:31 - 00332800 _____ () C:\STEAM\libavresample-2.dll
2014-09-25 17:01 - 2014-12-01 22:31 - 00485888 _____ () C:\STEAM\libswscale-3.dll
2011-10-16 16:57 - 2015-02-19 00:51 - 00702656 _____ () C:\STEAM\bin\chromehtml.DLL
2011-10-16 16:57 - 2015-01-28 02:30 - 34641288 _____ () C:\STEAM\bin\libcef.dll
2014-09-25 17:01 - 2015-01-28 02:30 - 01709960 _____ () C:\STEAM\bin\ffmpegsumo.dll
2014-11-17 03:27 - 2014-10-05 16:18 - 00239864 _____ () C:\Program Files (x86)\MPC-HC\LAVFilters\libbluray.dll
2014-12-16 13:36 - 2014-06-28 16:39 - 03502592 _____ () C:\Program Files (x86)\ffdshow\ffdshow.ax
2012-07-03 16:43 - 2012-07-03 16:43 - 00797184 _____ () C:\Program Files (x86)\RapidSolution\Audials 9\ac3filter.ax

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:1YL26yuNMhJebFkOF0
AlternateDataStreams: C:\ProgramData\Microsoft:lENnA5vff516fFhzmuW
AlternateDataStreams: C:\Users\*****\Cookies:cygM3w0l6CBJC2n9wN
AlternateDataStreams: C:\Users\*****\AppData\Local\iNN2YC20irDVgW:WKa4N2Bptibo15RqduIuUQPCV
AlternateDataStreams: C:\Users\*****\AppData\Local\nx0yC7wG2l:uZ4VAZHWL1s3FnY547Srz2U
AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ESNGrHTQEM5OtEgbVQId
AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:IJbfx6utWWRMKl3UM7p
AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ODT82Af2glL7afdCP
AlternateDataStreams: C:\Users\*****\AppData\Local\vC0gfSXfKSm1:OI6R9NoE3JlZMy8Ig2FLnA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Walyk Wallpaper Changer

\wwc_wallpaper.bmp
DNS Servers: 193.189.244.225 - 193.189.244.206

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CLKMSVC10_9EC60124 => 2
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: Giraffic => 2
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: M4LIC => 2
MSCONFIG\Services: MacDrive8Service => 2
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: PaceLicenseDServices => 2
MSCONFIG\Services: PCSUITEDFRGSVC => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss

\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wecker für Windows 6.lnk => C:

\Windows\pss\Wecker für Windows 6.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss

\Xfire.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -

launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Copy => "C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: Facebook Update => "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Getting started with MacDrive 8 => "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
MSCONFIG\startupreg: ICQ => C:\Users\*****\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NapsterShell => C:\Program Files (x86)\Napster\napster.exe /systray
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Update Service => C:\Program Files (x86)\Common Files\Teknum Systems\update.exe "/startup"
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Accounts: =============================

A5108FB4EE024DCDA5F9 (S-1-5-21-1687097068-401554184-1692899982-1113 - Limited - Enabled)
Administrator (S-1-5-21-1687097068-401554184-1692899982-500 - Administrator - Disabled)
Gast (S-1-5-21-1687097068-401554184-1692899982-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1687097068-401554184-1692899982-1003 - Limited - Enabled)
***** (S-1-5-21-1687097068-401554184-1692899982-1001 - Administrator - Enabled) => C:\Users\*****
postgres (S-1-5-21-1687097068-401554184-1692899982-1054 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============

Name: TeamViewer VPN Adapter
Description: TeamViewer VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TeamViewer GmbH
Service: teamviewervpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the

instructions.

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the

instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern

der Änderungen am Crawl Scope-Manager: >.

Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler:

<20, 0x80071a91, "">.

Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern

der Änderungen am Crawl Scope-Manager: >.

Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler:

<20, 0x80071a91, "">.

Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern

der Änderungen am Crawl Scope-Manager: >.

Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler:

<20, 0x80071a91, "">.

Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern

der Änderungen am Crawl Scope-Manager: >.

Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler:

<20, 0x80071a91, "">.

Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern

der Änderungen am Crawl Scope-Manager: >.

Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler:

<20, 0x80071a91, "">.


System errors:
=============
Error: (03/07/2015 01:00:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 106 Mal passiert.

Error: (03/07/2015 01:00:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/07/2015 01:00:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 105 Mal passiert.

Error: (03/07/2015 01:00:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/07/2015 01:00:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 104 Mal passiert.

Error: (03/07/2015 01:00:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/07/2015 00:59:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 103 Mal passiert.

Error: (03/07/2015 00:59:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/07/2015 00:59:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 102 Mal passiert.

Error: (03/07/2015 00:59:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801


Microsoft Office Sessions:
=========================
Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91


CodeIntegrity Errors:
===================================
  Date: 2014-10-31 14:16:16.780
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp

\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine

kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich

um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 14:16:16.686
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp

\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine

kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich

um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 14:16:16.593
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp

\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine

kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich

um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 14:16:16.484
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp

\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine

kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich

um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-10 18:04:45.859
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht

überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder

Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer

unbekannten Quelle handelt, installiert.

  Date: 2014-01-10 18:04:45.746
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht

überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder

Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer

unbekannten Quelle handelt, installiert.

  Date: 2013-02-01 04:00:30.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte

nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 04:00:30.076
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte

nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8043.83 MB
Available physical RAM: 5239.55 MB
Total Pagefile: 16085.84 MB
Available Pagefile: 11917.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive a: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:31.53 GB) NTFS
Drive h: (THE AIR I BREATHE) (CDROM) (Total:22.31 GB) (Free:0 GB) UDF
Drive i: (VOLUME) (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32
Drive z: (inateckVC) (Fixed) (Total:465.71 GB) (Free:28.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AF2F2F70)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CF22AD3)
Partition 1: (Not Active) - (Size=45 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=06)

==================== End Of Log ============================
Kommentar:
- PcWinTech ?? Hä??
- MacDrive 8 brauche nicht, machte nur Probleme und ist schon deinstalliert aber noch im Startup, habs daher rausgenommen.. weitere Möglichkeit?
-LaunchApp ?!?!
-FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA ????! Nutze Fb seit einem Jahr nicht mehr..

Plugins bei Mozilla.. hätte da einige enfternt um mein Mozilla mal sauber zu bekommen / UP TO DATE , aber hat bisher nicht hingehauen, hab's mit roten Fragezeichen markiert:
http://abload.de/img/mozilla_pluginsgfqq2.jpg


Schon mal DANKE im Voraus!

schrauber 07.03.2015 18:49
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Swirl Abstracts Screensaver


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Zenon49 07.03.2015 20:57
Seitdem Combofix durchgelaufen ist funktioniert mein KeePass Programm zur Passwort-Verwaltung nicht mehr! Meine letzte externe Sicherung der Passwörter in einer verschlüsselten HTML Datei ist schon 2 Wochen alt, etwaige neue Pws sind in meinem .kdbx File...
Hab' KeePass deinstalliert & neuinstalliert, DENNOCH kommt diese Meldung:
Datei kann nicht ausgeführt werden
C:/Program Files(x86)/KeePass Password Safe 2/KeePass.exe
CreateProcess schlug fehl; Code 31.
Ein an das System angeschlossenes Gerät funktioniert nicht.
Hilfe!

Hier der Combofix Log:
Code:
ComboFix 15-03-01.01 - ***** 07.03.2015  20:06:04.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8044.4865 [GMT 1:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*****\AppData\Roaming\Local
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\arrow.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\context.html
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\deletelocallowlastpass.txt
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\deleteprogramfiles.txt
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\embed_cs_min.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\enabletoolbar.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\favicon.ico
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\find_bluetooth.exe
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\generate_min.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\iehome.html
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\iehome2.html
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\ielib_min.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\add.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\addfriend.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\addgroup.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\cog.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\collapseoff.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\collapseon.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\expandoff.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\expandon.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\book_open.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\creditcards.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\export.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\folder-blue.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\help.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\import.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\kcontrol.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\key.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\note_add.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\popular.gif
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\popular.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\remove-user-red.gif
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\logo.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\logouticon.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lp_vault.jpg
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lpdropdown_off.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lpdropdown_on.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lpwhitelogo.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\menu_x.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\poweredby.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\seccheck.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\time.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\add_site.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\cancel.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\create_group.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\delete.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\edit.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\enterprise.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\eye-hidden.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\eye-shown.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\folder_close.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\folder_open.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\link_account.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\manage_shared.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\search_lite.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\secure_note2.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\settings.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\share.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault_button_hover.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault_button_normal.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultaccept.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultalert.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultcopy.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultcreditmonitor.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultdelete.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultedit.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultff.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultidentity.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultinvite.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultreject.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultshare.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultshares.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaulttools.png
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\img.html
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\InTheHand.Net.Personal.dll
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\json2c.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\af-ZA.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ar-EG.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ar-SA.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\az-AZ.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\be-BY.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\bg-BG.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\bn-BD.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\bs-BA.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ca-ES.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\cs-CZ.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\da-DK.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\de-DE.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\el-GR.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\en-AU.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\en-GB.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\en-US.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\eo-US.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\es-ES.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\es-MX.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\et-EE.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fa-IR.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fi-FI.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fo-FO.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fr-CA.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fr-FR.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ga-IE.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\gl-ES.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\gu-IN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\he-IL.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\hi-IN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\hr-HR.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\hu-HU.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\id-ID.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\is-IS.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\it-IT.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ja-JP.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ka-GE.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\kn-IN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ko-KR.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\lt-LT.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\lv-LV.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\mg-MG.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\mk-MK.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ml-IN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\mr-IN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ms-MY.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\nb-NO.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ne-NP.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\nl-NL.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\nn-NO.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pa-IN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pl-PL.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pt-BR.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pt-PT.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ro-RO.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ru-RU.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\si-LK.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sk-SK.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sl-SI.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sq-AL.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sr-RS.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sv-SE.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ta-IN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\te-IN.regexp.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\th-TH.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\tl-PH.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\tr-TR.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\tzm-MA.regexp.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\uk-UA.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ur-PK.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ver
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\vi-VN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\zh-CN.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\zh-TW.dat
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lastpass.exe
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LastPassBroker.exe
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lp_ie.zip
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lp_languages.zip
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPIEHome.ocx
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPIEHome64.ocx
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPPlugin.dll
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPPlugin_x64.dll
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPToolbar.dll
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPToolbar_x64.dll
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\menu.html
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\mpwchange.html
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\nplastpass.dll
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\nplastpass64.dll
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popup_inframe_lib_min.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupcombobox.css
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupcombobox_min.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab.css
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab.frag
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab_common_min.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab_min.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\programfiles.txt
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\vaultcommonc.js
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\WinBioStandalone.exe
c:\users\*****\AppData\Roaming\poclbm
c:\users\*****\AppData\Roaming\poclbm\poclbm.ini
c:\users\*****\videos\VIDEO_TS Track 1.bin
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\ijl11.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-02-07 bis 2015-03-07  ))))))))))))))))))))))))))))))
.
.
2015-03-07 19:19 . 2015-03-07 19:19        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2015-03-07 19:19 . 2015-03-07 19:19        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2015-03-07 19:19 . 2015-03-07 19:19        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2015-03-07 19:19 . 2015-03-07 19:19        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-03-07 18:52 . 2015-03-07 18:52        --------        d-----w-        c:\program files (x86)\ESET
2015-03-07 14:21 . 2015-03-07 14:21        --------        d-sh--w-        c:\windows\SysWow64\AI_RecycleBin
2015-03-07 04:44 . 2015-03-07 17:14        --------        d-----w-        C:\FRST
2015-03-06 05:35 . 2015-03-06 05:35        970912        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr120.dll
2015-03-06 05:35 . 2015-03-06 05:35        455328        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp120.dll
2015-03-06 05:35 . 2015-03-06 05:35        3466856        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dcompiler_47.dll
2015-03-06 05:35 . 2015-03-06 05:35        169584        ----a-w-        c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-03-06 03:00 . 2015-03-06 03:00        --------        d-----w-        c:\program files (x86)\Project64 2.1
2015-03-05 17:15 . 2015-03-05 17:15        --------        d-----w-        c:\users\*****\AppData\Local\Ndemic Creations
2015-03-01 18:27 . 2015-03-01 18:27        --------        d-----w-        c:\users\*****\AppData\Local\CAPCOM
2015-02-26 10:57 . 2015-02-26 11:10        --------        d-----w-        c:\program files (x86)\Cryptophane
2015-02-22 15:29 . 2015-02-22 15:29        --------        d-----w-        c:\programdata\360TotalSecurity
2015-02-22 00:23 . 2015-02-22 00:23        --------        d-----w-        c:\users\*****\AppData\Local\Steam
2015-02-17 17:41 . 2015-02-17 17:41        --------        d-----w-        c:\users\*****\AppData\Roaming\XLMSoft
2015-02-17 17:32 . 2015-02-17 17:32        --------        d-----w-        c:\program files (x86)\XLM Software
2015-02-13 20:37 . 2015-02-13 20:37        --------        d-----w-        c:\users\*****\AppData\Roaming\Foxit Software
2015-02-13 20:36 . 2015-02-13 20:36        --------        d-----w-        c:\users\Public\Foxit Software
2015-02-13 20:35 . 2015-02-13 20:35        --------        d-----w-        c:\program files (x86)\Foxit Software
2015-02-06 06:24 . 2015-02-06 06:24        --------        d-----w-        c:\program files (x86)\MakeMKV
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-12 13:35 . 2014-11-23 12:34        305736        ----a-w-        c:\windows\system32\drivers\360Box64.sys
2015-02-12 13:35 . 2014-11-23 12:37        77896        ----a-w-        c:\windows\system32\drivers\360AvFlt.sys
2015-02-12 13:35 . 2014-11-23 12:35        314448        ----a-w-        c:\windows\system32\drivers\360fsflt.sys
2015-02-12 13:35 . 2014-11-23 12:35        180816        ----a-w-        c:\windows\system32\drivers\BAPIDRV64.SYS
2015-02-06 05:23 . 2012-07-03 16:52        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-06 05:23 . 2011-07-22 04:47        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 19:35 . 2014-10-17 12:02        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-08 00:37 . 2014-10-20 02:30        192344        ----a-w-        c:\windows\system32\drivers\veracrypt.sys
2015-01-01 16:23 . 2015-01-01 16:58        175136        ----a-w-        c:\windows\SysWow64\EasyAntiCheat.exe
2014-12-28 16:48 . 2014-11-01 10:20        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-21 07:40 . 2014-12-19 15:34        18831572        ----a-w-        c:\users\*****\AppData\Local\OcrMap.bin
2014-12-16 12:39 . 2014-12-16 12:39        35365        ----a-w-        c:\windows\SysWow64\uninstHelixYUV.exe
2014-11-07 00:33 . 2014-11-07 00:33        14147584        ----a-w-        c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        152544        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-02-18 785416]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"="1425622892" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2015-02-12 1208944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\*****\AppData\Roaming\Copy\CopyAgent.exe" [2015-02-07 15435920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2012-10-29 4017368]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2014-12-16 2050224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag264.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys;c:\windows\SYSNATIVE\drivers\SynUSB64.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/24 13:39;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
R4 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 veracrypt;veracrypt;c:\windows\System32\drivers\veracrypt.sys;c:\windows\SYSNATIVE\drivers\veracrypt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S4 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S4 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S4 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S4 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NVSTREAMKMS
*Deregistered* - truecrypt
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12        185824        ----a-w-        c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-01 2403104]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: Interfaces\{05DE8C78-3AC9-4B2C-9D85-13F5F33A6FFC}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{26141D4E-6B47-47A4-BE21-0F9864CC4ED8}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{28490DBF-A1C0-4920-AF28-50ECAEC29186}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{3B5A7CEE-5BDD-41C2-8099-5B5B5E9F3473}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{60AA6E3A-F8B7-4493-B253-ED25FEC3BE48}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{6D6AD976-9958-4895-B655-7562A517A433}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{7236F28B-4F21-47D1-BDB6-6FEF4857AD9A}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{ACFBF600-384E-4311-B0B7-79BC6ED5A56E}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{BB5550E0-672D-4085-89B5-6D45CA7386B3}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{BE6BFEF7-058C-4742-A3B9-624C3714AA79}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{D893661C-D7C1-49DF-AAC3-BCEA438691C7}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{E6B34D56-B1B1-4ACF-9922-063A5EBB478F}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{15EDBCBF-7231-4290-946E-5BB12C6AF342} - (no file)
ShellIconOverlayIdentifiers-{14A3EC74-D852-416A-9691-AC3096EE1953} - (no file)
ShellIconOverlayIdentifiers-{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} - (no file)
ShellIconOverlayIdentifiers-{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
ShellIconOverlayIdentifiers-{15EDBCBF-7231-4290-946E-5BB12C6AF342} - (no file)
ShellIconOverlayIdentifiers-{14A3EC74-D852-416A-9691-AC3096EE1953} - (no file)
ShellIconOverlayIdentifiers-{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
AddRemove-YAMB - c:\program files (x86)\YAMB\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,66,3e,6f,0b,46,16,4d,86,c7,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,66,3e,6f,0b,46,16,4d,86,c7,fb,\
.
[HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\Software\SecuROM\License information*]
"datasecu"=hex:7d,b1,21,a1,cd,37,47,7f,eb,4c,b5,c7,e4,06,c5,52,b0,1a,fa,bd,e3,
  8b,95,50,11,9b,8d,73,00,44,ec,30,8a,93,ea,d6,5f,fb,1a,9b,1a,9d,55,d1,57,07,\
"rkeysecu"=hex:63,02,4e,e1,f0,dd,7b,5f,af,38,e0,12,2a,49,64,9b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:75,a2,25,0d,99,1a,54,73,69,a9,af,e5,11,69,66,5e,98,2e,db,79,1d,
  10,88,a3,69,ee,82,70,00,91,51,fc,3f,a9,e7,e9,e4,67,43,e8,02,36,f2,86,89,d2,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:75,a2,25,0d,99,1a,54,73,69,a9,af,e5,11,69,66,5e,98,2e,db,79,1d,
  10,88,a3,69,ee,82,70,00,91,51,fc,27,4f,f4,f1,c1,b2,ed,8d,02,36,f2,86,89,d2,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-07  20:35:55
ComboFix-quarantined-files.txt  2015-03-07 19:35
.
Vor Suchlauf: 42 Verzeichnis(se), 32.526.516.224 Bytes frei
Nach Suchlauf: 53 Verzeichnis(se), 32.773.066.752 Bytes frei
.
- - End Of File - - 37CFC9E8F0FB0FFE6729FF15FC5E1263

schrauber 08.03.2015 14:46
Nach Reboot immer noch nicht?

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Zenon49 08.03.2015 18:50
Info: Nach dem dritten Reboot geht nun KeePass wieder

Die Logs..
Malwarebytes Anti-Malware Log:
HTML-Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.03.2015
Suchlauf-Zeit: 16:36:22
Logdatei: Malwarebytes-AM_.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.08.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 568714
Verstrichene Zeit: 58 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [8391be85c6c4ea4c7aebe84534d150b0],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [5cb850f325653afc8bd9022b5ca9fd03],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 4
PUP.Optional.Somoto, C:\Users\*****\Downloads\magic-audio-joiner.exe, , [bc5858eb6a204aecedf845c05ea84eb2],
PUP.Optional.OpenCandy, C:\Users\*****\Downloads\MediaInfo_GUI_0.7.71_Windows.exe, , [b55f6bd8dfab4aec8c213ccaaf57827e],
PUP.Optional.OpenCandy, C:\Users\*****\Downloads\SetupImgBurn_2.5.8.0.exe, , [68aca79c31599a9cfbb216f0f11517e9],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [9e76d96af595c5710a5e25088c7923dd],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Anmerkung:
ImgBurn & MediaInfo sind NICHT unerwünscht und bundeln soweit mir bekann keine Adware.
Magic Audio Joiner ist Dreck, das hat damals mir Toolbars ohne Ende installiert, offenbar hab' ich die Installation vergessen..

JTR Log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by ***** on 08.03.2015 at 17:49:48,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.03.2015 at 17:54:40,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Log:

Code:
# AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 17:55:53
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ***** - ACER-A-5750G
# Gestarted von : C:\Users\*****\Downloads\AdwCleaner_4.111.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****

Task Gefunden : LaunchApp

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Chromium v


-\\ Opera v26.0.1656.60

*************************

AdwCleaner[R0].txt - [10082 Bytes] - [29/10/2014 17:07:40]
AdwCleaner[R1].txt - [929 Bytes] - [29/10/2014 21:22:38]
AdwCleaner[R2].txt - [1183 Bytes] - [16/11/2014 15:31:49]
AdwCleaner[R3].txt - [2347 Bytes] - [07/12/2014 10:05:11]
AdwCleaner[R4].txt - [5530 Bytes] - [06/03/2015 07:02:59]
AdwCleaner[R5].txt - [1033 Bytes] - [08/03/2015 17:55:53]
AdwCleaner[S0].txt - [9550 Bytes] - [29/10/2014 17:14:51]
AdwCleaner[S1].txt - [1227 Bytes] - [16/11/2014 15:33:53]
AdwCleaner[S2].txt - [2381 Bytes] - [07/12/2014 10:10:25]
AdwCleaner[S3].txt - [4663 Bytes] - [06/03/2015 07:06:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1328 Bytes] ##########

Zenon49 08.03.2015 18:56
FRST.txt

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by ***** (administrator) on ACER-A-5750G on 08-03-2015 18:20:09
Running from C:\TOOLS\SecurityTOOLS\FSRT64 - Analysetool
Loaded Profiles: ***** & postgres (Available profiles: ***** & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(PcWinTech.com) C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-08-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1208944 2015-02-12] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1687097068-401554184-1692899982-1054\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\S-1-5-21-1687097068-401554184-1692899982-1054\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-07] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166616 2014-08-01] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-08-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-08-01] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1687097068-401554184-1692899982-1054 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-27] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKU\S-1-5-21-1687097068-401554184-1692899982-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\..\Interfaces\{05DE8C78-3AC9-4B2C-9D85-13F5F33A6FFC}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{26141D4E-6B47-47A4-BE21-0F9864CC4ED8}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{28490DBF-A1C0-4920-AF28-50ECAEC29186}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{3B5A7CEE-5BDD-41C2-8099-5B5B5E9F3473}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{60AA6E3A-F8B7-4493-B253-ED25FEC3BE48}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{6D6AD976-9958-4895-B655-7562A517A433}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{7236F28B-4F21-47D1-BDB6-6FEF4857AD9A}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{ACFBF600-384E-4311-B0B7-79BC6ED5A56E}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BB5550E0-672D-4085-89B5-6D45CA7386B3}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BE6BFEF7-058C-4742-A3B9-624C3714AA79}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{D893661C-D7C1-49DF-AAC3-BCEA438691C7}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{E6B34D56-B1B1-4ACF-9922-063A5EBB478F}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-07]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firefox@ghostery.com.xpi [2015-02-04]
FF Extension: Mailvelope - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-02-26]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-07]
FF Extension: QuickImage - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{B9FBA24F-5573-4889-80AC-80809FB9C425}.xpi [2014-12-11]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]
FF Extension: Greasemonkey - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-12]
FF Extension: QuickJava - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-11]
FF Extension: UnMHT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-10-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360网页保护 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2014-11-23]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2015-01-01] (EasyAntiCheat Ltd)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2011-10-17] () [File not signed]
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S4 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-07] ()
R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2011-04-15] (PostgreSQL Global Development Group) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [813680 2015-02-12] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 CLKMSVC10_9EC60124; "C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2014-11-20] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-02-12] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-02-12] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-11-20] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-02-12] (Qihu 360 Software Co., Ltd.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S1 Aspi32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-26] ()
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-02-12] (Qihu 360 Software Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-25] (Disc Soft Ltd)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-10-17] (Huawei Technologies Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-25] () [File not signed]
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
R0 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-01-08] (IDRIX)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TwoToXDfrgSrvc; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 18:03 - 2015-03-08 18:03 - 00000022 _____ () C:\Windows\S.dirmngr
2015-03-08 17:54 - 2015-03-08 17:54 - 00000696 _____ () C:\Users\*****\Desktop\JRT.txt
2015-03-08 17:47 - 2015-03-08 17:47 - 01388333 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2015-03-07 23:34 - 2015-03-07 23:34 - 00848856 _____ (Panda Security ) C:\Users\*****\Downloads\USBVaccineSetup.exe
2015-03-07 23:26 - 2015-03-07 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-07 23:26 - 2015-03-07 23:26 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-07 21:56 - 2015-03-07 21:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VSRevoGroup
2015-03-07 20:46 - 2015-03-07 20:46 - 02536151 _____ (Dominik Reichl ) C:\Users\*****\Downloads\KeePass-2.28-Setup.exe
2015-03-07 20:36 - 2015-03-07 20:36 - 00051684 _____ () C:\ComboFix.txt
2015-03-07 20:03 - 2015-03-07 20:36 - 00000000 ____D () C:\Qoobox
2015-03-07 20:03 - 2015-03-07 20:31 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 20:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 20:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 20:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 19:57 - 2015-03-07 19:58 - 05612482 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2015-03-07 19:52 - 2015-03-07 19:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-07 18:37 - 2015-03-08 17:20 - 00001804 _____ () C:\Windows\Sandboxie.ini
2015-03-07 18:37 - 2015-03-07 18:37 - 00000878 _____ () C:\Users\*****\Desktop\Sandboxed Web Browser.lnk
2015-03-07 18:37 - 2015-03-07 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-07 05:44 - 2015-03-08 18:20 - 00000000 ____D () C:\FRST
2015-03-06 07:01 - 2015-03-06 07:02 - 02126848 _____ () C:\Users\*****\Downloads\AdwCleaner_4.111.exe
2015-03-06 05:17 - 2015-03-06 05:18 - 07019963 _____ () C:\Users\*****\Downloads\Forsaken 64 (E).zip
2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\Program Files (x86)\Project64 2.1
2015-03-05 23:42 - 2015-03-05 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-03-05 18:15 - 2015-03-05 18:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Ndemic Creations
2015-03-04 20:29 - 2015-03-04 20:29 - 00000000 ____D () C:\Users\*****\Documents\SEGA
2015-03-01 19:27 - 2015-03-01 19:27 - 00000000 ____D () C:\Users\*****\AppData\Local\CAPCOM
2015-03-01 18:13 - 2015-03-01 18:13 - 00012295 _____ () C:\Users\*****\Documents\bafoeg_kram_etc24732897.odt
2015-02-27 21:24 - 2015-02-27 21:24 - 05593268 _____ (Your Company Name ) C:\Users\*****\Downloads\incloak_vpn_1.03.exe
2015-02-26 12:10 - 2015-02-26 12:10 - 00001384 _____ () C:\Users\*****\Documents\Cryptophane.txt
2015-02-26 11:57 - 2015-02-26 12:10 - 00000000 ____D () C:\Program Files (x86)\Cryptophane
2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cryptophane
2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptophane
2015-02-24 19:14 - 2015-02-24 19:47 - 00014888 _____ () C:\Users\*****\Downloads\movies.odb
2015-02-24 15:43 - 2015-02-24 15:43 - 00034789 _____ () C:\Users\*****\Downloads\Rechnung 70915.0-15  Ihre Bestellung ONL3893 vom 24.02.2015.zip
2015-02-23 15:42 - 2015-03-08 18:01 - 00010462 _____ () C:\Windows\PFRO.log
2015-02-22 16:29 - 2015-02-22 16:29 - 00001113 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-02-22 16:29 - 2015-02-22 16:29 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-02-22 01:23 - 2015-02-22 01:23 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XLMSoft
2015-02-17 18:32 - 2015-02-17 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOOKcook Bücherverwaltung
2015-02-17 18:32 - 2015-02-17 18:32 - 00000000 ____D () C:\Program Files (x86)\XLM Software
2015-02-17 18:28 - 2015-02-17 18:28 - 00967704 _____ (XLM Software Axel Meierhöfer ) C:\Users\*****\Downloads\BOOKcookSetup_v1.43.1(FEB_2015).exe
2015-02-15 15:30 - 2015-02-15 15:30 - 00001958 _____ () C:\Users\*****\Desktop\Kindle.lnk
2015-02-15 15:30 - 2015-02-15 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-02-15 15:26 - 2015-02-15 15:29 - 40790520 _____ (Amazon.com) C:\Users\*****\Downloads\KindleForPC-installer(1).exe
2015-02-13 21:37 - 2015-02-13 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Foxit Software
2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-02-13 21:35 - 2015-02-13 21:35 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-02-13 21:27 - 2015-02-13 21:29 - 53078632 _____ (Foxit Software Inc. ) C:\Users\*****\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe
2015-02-13 21:09 - 2015-02-13 21:10 - 04307793 _____ () C:\Users\*****\Downloads\ICE Book Reader 9.4.0 Portable.7z
2015-02-10 21:45 - 2015-02-10 21:46 - 02201614 _____ (Raid-Rush ) C:\Users\*****\Downloads\xupper-setup.exe
2015-02-10 14:21 - 2015-02-10 14:21 - 01976342 _____ () C:\Users\*****\Downloads\LIT.ME.DN.4952581.RAR
2015-02-10 09:42 - 2015-02-10 09:43 - 00000000 ____D () C:\Users\*****\Desktop\Tor Browser
2015-02-10 09:33 - 2015-02-10 09:38 - 34662667 _____ () C:\Users\*****\Downloads\torbrowser-install-4.0.3_de.exe
2015-02-07 15:44 - 2015-03-08 18:04 - 00002812 _____ () C:\Windows\setupact.log
2015-02-07 15:44 - 2015-02-07 15:49 - 04934448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-07 15:44 - 2015-02-07 15:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 07:24 - 2015-02-06 07:24 - 00000955 _____ () C:\Users\*****\Desktop\MakeMKV.lnk
2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2015-02-06 07:23 - 2015-02-06 07:24 - 06449418 _____ (GuinpinSoft inc) C:\Users\*****\Downloads\Setup_MakeMKV_v1.9.1.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 18:21 - 2011-08-21 02:10 - 01786986 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 18:15 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 18:15 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 18:10 - 2013-12-19 16:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Copy
2015-03-08 18:06 - 2013-12-21 21:29 - 00000000 ____D () C:\ProgramData\VMware
2015-03-08 18:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 17:58 - 2014-10-29 17:07 - 00000000 ____D () C:\AdwCleaner
2015-03-08 17:46 - 2011-11-21 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\foobar2000
2015-03-08 17:13 - 2011-10-16 16:57 - 00000000 ____D () C:\STEAM
2015-03-08 16:32 - 2014-11-01 11:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 14:27 - 2013-09-03 21:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2015-03-08 09:56 - 2013-11-02 11:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gnupg
2015-03-07 21:34 - 2014-12-17 07:47 - 00000000 ____D () C:\TOOLS
2015-03-07 21:21 - 2013-09-26 18:46 - 00000000 ____D () C:\Users\postgres
2015-03-07 20:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 19:20 - 2011-08-21 12:02 - 00704298 _____ () C:\Windows\system32\perfh007.dat
2015-03-07 19:20 - 2011-08-21 12:02 - 00151692 _____ () C:\Windows\system32\perfc007.dat
2015-03-07 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-07 19:19 - 2011-11-08 21:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SoftGrid Client
2015-03-07 19:09 - 2012-07-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2015-03-07 18:37 - 2014-10-19 23:44 - 00000000 ____D () C:\Program Files\Sandboxie
2015-03-07 18:36 - 2014-10-19 23:37 - 06980616 _____ (Sandboxie Holdings, LLC) C:\Users\*****\Downloads\SandboxieInstall.exe
2015-03-07 17:42 - 2014-10-20 07:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2015-03-07 00:16 - 2014-10-27 11:04 - 00000000 ____D () C:\Users\*****\AppData\Local\JDownloader 2.0
2015-03-06 07:14 - 2014-12-07 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 06:35 - 2015-01-27 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 06:34 - 2014-12-07 12:00 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-06 06:34 - 2014-12-07 12:00 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-06 06:34 - 2014-05-20 02:12 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-06 06:34 - 2011-10-15 13:39 - 00001425 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-05 23:42 - 2013-10-02 04:34 - 00000576 _____ () C:\Users\Public\Desktop\Fraps.lnk
2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () C:\ProgramData\vid
2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () C:\ProgramData\tks
2015-03-05 11:59 - 2009-07-14 06:13 - 01630642 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 11:34 - 2013-10-02 05:44 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
2015-03-03 06:13 - 2013-10-02 05:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-02 13:42 - 2012-01-27 20:44 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TS3Client
2015-03-01 18:13 - 2013-12-17 13:32 - 00000000 ___RD () C:\Dropbox
2015-02-28 04:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 ____D () C:\$360Section
2015-02-27 23:46 - 2014-11-23 13:35 - 00000000 ____D () C:\ProgramData\360safe
2015-02-27 23:45 - 2012-08-01 17:38 - 00000000 ____D () C:\Users\*****\Downloads\ReFX.Vanguard.VSTi.RTAS.v1.8.0-AiR
2015-02-24 18:09 - 2011-10-19 18:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\IrfanView
2015-02-24 17:58 - 2013-10-02 04:55 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Notepad++
2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-02-23 17:10 - 2014-11-23 13:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\360safe
2015-02-23 17:09 - 2013-11-05 02:09 - 00000000 ____D () C:\Users\*****\Documents\My Kindle Content
2015-02-23 16:06 - 2011-12-09 00:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2015-02-23 16:05 - 2012-05-03 11:51 - 00001028 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2015-02-23 16:05 - 2012-05-03 11:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-22 16:33 - 2012-07-09 06:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-17 02:22 - 2013-11-05 01:13 - 00000000 ____D () C:\Users\*****\Documents\Calibre Library
2015-02-16 03:02 - 2012-07-09 18:26 - 00001063 _____ () C:\Users\*****\Documents\iTLU_profile_a.itlu
2015-02-15 15:30 - 2011-11-26 02:32 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-14 11:36 - 2011-11-11 02:58 - 00012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 21:22 - 2014-04-08 22:12 - 00000000 ____D () C:\Program Files (x86)\ICE Book Reader Professional
2015-02-12 14:35 - 2014-11-23 13:37 - 00077896 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-02-12 14:35 - 2014-11-23 13:35 - 00314448 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360fsflt.sys
2015-02-12 14:35 - 2014-11-23 13:35 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2015-02-12 14:35 - 2014-11-23 13:34 - 00305736 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2015-02-10 12:18 - 2014-04-08 20:53 - 00000000 ____D () C:\Users\*****\Downloads\ebooks
2015-02-06 10:40 - 2013-04-18 22:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\HandBrake
2015-02-06 07:17 - 2014-12-16 10:11 - 00000040 ___SH () C:\ProgramData\.zreglib
2015-02-06 07:05 - 2014-10-23 20:13 - 00000000 ____D () C:\Metabones
2015-02-06 06:23 - 2012-07-03 17:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 06:23 - 2011-10-15 14:00 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2015-02-06 06:23 - 2011-07-22 05:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-11-07 01:33 - 2014-11-07 01:33 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-10-15 18:16 - 2011-10-16 00:13 - 0000288 _____ () C:\Users\*****\AppData\Roaming\.backup.dm
2012-01-23 19:49 - 2015-01-30 02:27 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-04-27 00:20 - 2015-02-01 01:43 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-31 02:41 - 2014-03-31 02:49 - 0002352 _____ () C:\Users\*****\AppData\Roaming\ASSDraw3.cfg
2011-10-19 19:08 - 2013-07-19 00:42 - 0000072 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini
2012-06-20 04:23 - 2012-06-20 04:28 - 0311550 _____ () C:\Users\*****\AppData\Roaming\CodecsLE_Install.log
2012-06-20 04:26 - 2012-06-20 04:26 - 0314526 _____ () C:\Users\*****\AppData\Roaming\CodecsPE_Install.log
2015-01-10 00:30 - 2015-01-10 00:45 - 0000652 _____ () C:\Users\*****\AppData\Roaming\haj-log_2015-01-10 00_30_45.mjf
2012-06-19 16:13 - 2012-06-19 16:43 - 10008278 _____ () C:\Users\*****\AppData\Roaming\MediaComposer_Install.log
2013-12-08 14:15 - 2013-12-08 14:33 - 0001331 _____ () C:\Users\*****\AppData\Roaming\SplotchesConfig.dat
2012-01-23 16:57 - 2012-11-04 11:10 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2011-11-11 02:58 - 2015-02-14 11:36 - 0012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 16:34 - 2014-12-21 08:40 - 18831572 _____ () C:\Users\*****\AppData\Local\OcrMap.bin
2012-07-16 08:40 - 2012-07-16 08:40 - 0007607 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-12-16 10:11 - 2015-02-06 07:17 - 0000040 ___SH () C:\ProgramData\.zreglib
2011-08-21 02:32 - 2011-08-21 02:34 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-10-19 06:28 - 2014-10-19 06:28 - 0000000 _____ () C:\ProgramData\JonDoFox.paf.exe
2011-10-19 22:41 - 2011-10-19 22:41 - 0000139 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-08-06 17:08 - 2013-08-06 17:09 - 0000032 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\ProgramData\JonDoFox.paf.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 04:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by ***** at 2015-03-08 18:21:54
Running from C:\TOOLS\SecurityTOOLS\FSRT64 - Analysetool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.0.0.1140 - 360 Security Center)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Aiseesoft Blu-ray Player 6.2.28 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.28 - Aiseesoft Studio)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.1 - Microsoft Corporation) Hidden
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.10.0.574 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BOOKcook Bücherverwaltung 1.43.1 (HKLM-x32\...\BOOKcook Bücherverwaltung_is1) (Version:  - XLM Software Axel Meierhöfer)
Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Capsized (HKLM-x32\...\Steam App 95300) (Version:  - Alientrap)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version:  - SEGA)
Cryptophane 0.7.0 (HKLM-x32\...\Cryptophane_is1) (Version: 0.7.0 - eCOSM)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Darkout (HKLM-x32\...\Steam App 257050) (Version:  - Allgraf)
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version:  - Rising Star Games)
Desura (HKLM-x32\...\Desura) (Version: 100.58 - Desura)
Desura: BEEP (HKLM-x32\...\Desura_62843961475104) (Version: Full - Big Fat Alien)
Desura: Lunar Wish: Orbs Of Fate (HKLM-x32\...\Desura_101640401059872) (Version: Full - lustermx)
Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
Desura: OpenArena (HKLM-x32\...\Desura_24597277704224) (Version: Full - FSFPS project contributors)
Desura: Particulars (HKLM-x32\...\Desura_95674691485728) (Version: Alpha - SeeThrough Studios)
Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
DF CrcSfv 1.3 (HKLM-x32\...\DF CrcSfv_is1) (Version:  - Frischalowski EDV-Beratung)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Epic Battle Fantasy 4 (HKLM-x32\...\Steam App 265610) (Version:  - Matt Roszak)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version:  - )
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version:  - Stardock Entertainment)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FFMpegSource Plugin (HKLM-x32\...\FFMpegSource Plugin_is1) (Version:  - )
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Helium Audio Joiner (build 331) (HKLM-x32\...\{1C7BCE67-6479-4D56-AD92-E50479028171}_is1) (Version: 1.9.0.331 - Imploded Software)
Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version:  - )
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\ICQ) (Version: 8.2.6901.0 - ICQ)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 64 (HKLM-x32\...\InstallShield_{58BF5D14-CBCF-473C-B0E0-A7955A23224E}) (Version:  - )
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version:  - Stainless Games)
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Memory Profiler (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 2.0 (HKLM-x32\...\{F17B8386-A74A-4E4E-A7DD-435372991E14}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 mit Update 3 (HKLM-x32\...\{c5f1b3cc-a03d-44d8-be17-21252a106599}) (Version: 12.0.30723 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Moppi Flower Saver 1.0 (HKLM-x32\...\Moppi Flower Saver Installer_is1) (Version:  - )
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
MSU Video Quality Measurement Tool 3.0 DEMO 3.0 (HKLM\...\MSU Video Quality Measurement Tool 3.0 DEMO_is1) (Version:  - MSU CS Graphics & Media Lab (Video Group))
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA CUDA Samples 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVisualStudioIntegration_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA GPU Deployment Kit 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GDK) (Version: 340.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.62 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 4.1.0.14204 (HKLM\...\{FEDB4463-83C0-4259-B119-5FE9C64A277F}) (Version: 4.1.0.14204 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{4D983759-07FC-4571-BB59-58C9BBADECC5}) (Version: 1.00.00.00 - NVIDIA Corporation)
NVIDIA Update 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.23 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Pauker (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Pauker) (Version:  - Ronny Standtke)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Python Tools - Umleitungsvorlage (x32 Version: 1.2 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version:  - CAPCOM Co., Ltd.)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Sigil 0.8.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 4.0.1410.24) (Version: 4.0.1410.24 - Solveig Multimedia)
Spotify (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.62 - NesterSoft Inc.)
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)
TP-LINK TL-WN721N_WN722N Treiber (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.2.1 - TP-LINK)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
Unreal Development Kit: 2012-10 (HKLM\...\UDK-0a6a40ea-8287-4f25-ac5a-8c34b192a2bc) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-1 - IDRIX)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
YAMB (HKLM-x32\...\YAMB) (Version:  - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-02-2015 21:26:07 Installed inCloak VPN.
27-02-2015 21:29:54 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
07-03-2015 03:46:44 Windows Update
07-03-2015 15:21:16 Removed Swirl Abstracts Screensaver
07-03-2015 17:11:13 Revo Uninstaller's restore point - inCloak VPN
07-03-2015 17:13:56 Revo Uninstaller's restore point - BluFab 9.1.4.4 (05/06/2014)
07-03-2015 17:17:12 Revo Uninstaller's restore point - GetNZB Version 1.370
07-03-2015 19:09:40 TrueCrypt uninstallation
07-03-2015 19:18:54 Revo Uninstaller's restore point - Microsoft Office Klick-und-Los 2010
07-03-2015 19:19:12 Microsoft Office Klick-und-Los 2010 wird entfernt
07-03-2015 19:26:34 Revo Uninstaller's restore point - Microsoft Office Klick-und-Los 2010
07-03-2015 23:25:40 Removed 7-Zip 9.20 (x64 edition)
07-03-2015 23:26:35 Installed 7-Zip 9.38 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-07 20:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0172E992-E646-49FF-8B3A-469A29270AA3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {2CAD0DF8-C7F0-4EC2-A9B6-A7C1E630629F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2EBAF774-0FC2-462D-9AEC-1661DD36D74F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {4DBA96C8-2A39-4E3F-95BB-AC16C0C195AB} - System32\Tasks\CleanMem Mini Monitor => C:\Program Files (x86)\CleanMem\mini_monitor.exe [2012-09-20] (PcWinTech.com)
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File <==== ATTENTION
Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION
Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File <==== ATTENTION
Task: {90C36BFD-4BF6-4086-AD5B-A3E4BC351F95} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B2090BC7-797E-4A64-A768-2964C3CCC0D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B48AF527-D3AB-4E96-88D9-0D756DF4CC22} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Task: {C63B5B04-E629-4896-8F00-E2D97FFB3B28} - System32\Tasks\AdobeAAMUpdater-1.0-acer-a-5750g-***** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {CC220CD3-C427-4154-A3B3-F59CD895A618} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: {FEF89A0A-55EB-4DAA-8E53-27B7837036C4} - System32\Tasks\{34EE32BD-3F39-4310-9FC9-9238E6DD1C78} => pcalua.exe -a C:\Users\*****\Downloads\VirtualBox-4.3.4-91027-Win.exe -d C:\Users\*****\Downloads

==================== Loaded Modules (whitelisted) ==============

2014-11-23 13:34 - 2015-02-12 14:35 - 00813680 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
2014-10-27 00:08 - 2014-08-01 04:45 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-02 02:30 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-11-23 13:34 - 2015-02-12 14:35 - 00612944 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-10-07 15:54 - 2013-10-07 15:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2010-11-16 14:38 - 2010-11-16 14:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2011-10-17 18:03 - 2011-10-17 18:02 - 00514048 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2013-09-05 21:00 - 2013-09-07 02:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-26 18:43 - 2011-04-15 13:13 - 00216064 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2013-09-26 18:43 - 2010-05-07 08:48 - 01333760 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2014-06-12 16:44 - 2014-06-12 16:44 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2011-07-22 05:54 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-23 13:34 - 2015-02-12 14:35 - 01208944 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-26 23:05 - 2014-08-01 06:42 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 15:47 - 2013-10-07 15:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 15:44 - 2013-10-07 15:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00428032 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00261632 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 09515520 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00381952 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL
2011-10-17 18:03 - 2011-10-17 18:02 - 00218112 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00135168 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00545280 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00238080 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00301056 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00235008 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00159232 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00176128 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00264704 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00217600 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00156672 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00338432 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00106496 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 01077248 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00670720 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00550400 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00547840 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00211968 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00101376 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00180224 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00131072 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 01101824 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00278528 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00495104 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00184832 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00123392 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00308224 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00428032 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00093184 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00333312 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00249344 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00483328 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00808960 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00739328 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00239104 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL
2011-10-17 18:03 - 2011-10-17 18:03 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00229888 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2012-04-15 14:09 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:1YL26yuNMhJebFkOF0
AlternateDataStreams: C:\ProgramData\Microsoft:lENnA5vff516fFhzmuW
AlternateDataStreams: C:\Users\*****\Cookies:cygM3w0l6CBJC2n9wN
AlternateDataStreams: C:\Users\*****\AppData\Local\iNN2YC20irDVgW:WKa4N2Bptibo15RqduIuUQPCV
AlternateDataStreams: C:\Users\*****\AppData\Local\nx0yC7wG2l:uZ4VAZHWL1s3FnY547Srz2U
AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ESNGrHTQEM5OtEgbVQId
AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:IJbfx6utWWRMKl3UM7p
AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ODT82Af2glL7afdCP
AlternateDataStreams: C:\Users\*****\AppData\Local\vC0gfSXfKSm1:OI6R9NoE3JlZMy8Ig2FLnA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.189.244.225 - 193.189.244.206

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CLKMSVC10_9EC60124 => 2
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: Giraffic => 2
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: M4LIC => 2
MSCONFIG\Services: MacDrive8Service => 2
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: PaceLicenseDServices => 2
MSCONFIG\Services: PCSUITEDFRGSVC => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wecker für Windows 6.lnk => C:\Windows\pss\Wecker für Windows 6.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Copy => "C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: Facebook Update => "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Getting started with MacDrive 8 => "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
MSCONFIG\startupreg: ICQ => C:\Users\*****\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NapsterShell => C:\Program Files (x86)\Napster\napster.exe /systray
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Update Service => C:\Program Files (x86)\Common Files\Teknum Systems\update.exe "/startup"
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Accounts: =============================

A5108FB4EE024DCDA5F9 (S-1-5-21-1687097068-401554184-1692899982-1113 - Limited - Enabled)
Administrator (S-1-5-21-1687097068-401554184-1692899982-500 - Administrator - Disabled)
Gast (S-1-5-21-1687097068-401554184-1692899982-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1687097068-401554184-1692899982-1003 - Limited - Enabled)
***** (S-1-5-21-1687097068-401554184-1692899982-1001 - Administrator - Enabled) => C:\Users\*****
postgres (S-1-5-21-1687097068-401554184-1692899982-1054 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============

Name: TeamViewer VPN Adapter
Description: TeamViewer VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TeamViewer GmbH
Service: teamviewervpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.


System errors:
=============
Error: (03/08/2015 06:22:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (03/08/2015 06:22:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/08/2015 06:20:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (03/08/2015 06:20:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/08/2015 06:19:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (03/08/2015 06:19:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/08/2015 06:19:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (03/08/2015 06:19:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (03/08/2015 06:18:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (03/08/2015 06:18:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801


Microsoft Office Sessions:
=========================
Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91


CodeIntegrity Errors:
===================================
  Date: 2015-03-07 20:15:15.705
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-07 20:15:15.627
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 14:16:16.780
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 14:16:16.686
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 14:16:16.593
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 14:16:16.484
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-10 18:04:45.859
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-10 18:04:45.746
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-01 04:00:30.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 04:00:30.076
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8043.83 MB
Available physical RAM: 5272.7 MB
Total Pagefile: 16085.84 MB
Available Pagefile: 13235.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive a: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:33.01 GB) NTFS
Drive i: (VOLUME) (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32
Drive k: (STOR.E ALU 2S) (Fixed) (Total:931.51 GB) (Free:44.43 GB) NTFS
Drive y: (seagate ext) (Fixed) (Total:931.49 GB) (Free:71.62 GB) exFAT
Drive z: (inateckVC) (Fixed) (Total:465.71 GB) (Free:28.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AF2F2F70)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9948019B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CF22AD3)
Partition 1: (Not Active) - (Size=45 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=06)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 29623882)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Kannst Du nach deiner Sichtung sagen, ob's bei Combofix False-Positives gab? Oder kann ich das deinstallieren? Dann wären die Files halt futsch.. Hatte nach dem Reboot kurzzeitig das Problem, dass ich VeraCrypt nicht starten konnte, es kam die Meldung ich hätte keine Berechtigungen. Nach mehrmaligem Probieren konnte ich's dann dennoch starten.

Weißt du vielleicht was es mit diesen Benutzern auf sich hat?
A5108FB4EE024DCDA5F9 (S-1-5-21-1687097068-401554184-1692899982-1113 - Limited - Enabled)
postgres (S-1-5-21-1687097068-401554184-1692899982-1054 - Limited - Enabled) => C:\Users\postgres
HomeGroupUser$ (S-1-5-21-1687097068-401554184-1692899982-1003 - Limited - Enabled)

schrauber 08.03.2015 19:44
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File <==== ATTENTION

Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION

Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File <==== ATTENTION

Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Lade Dir bitte von hier Emsisoft Emergency Kit Download Emsisoft Emergency Kit herunter.
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.




PostgreSQL: Documentation: 8.3: The PostgreSQL User Account
Gast-Konto und HomeGroupUser$-Konto löschen sinnvoll?

Du hast nen SQL Server installiert.

Zenon49 08.03.2015 23:44
Code:
Loaded Profiles: *** & postgres (Available profiles: *** & postgres)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File <==== ATTENTION

Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION

Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File <==== ATTENTION

Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FFC8C6F-854C-4DD0-A731-63854D664787}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FFC8C6F-854C-4DD0-A731-63854D664787}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D55F12D-EB29-420E-B3BA-44B545ACFC5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D55F12D-EB29-420E-B3BA-44B545ACFC5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5668071-1E25-493E-809A-BA8B429F3FC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5668071-1E25-493E-809A-BA8B429F3FC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Reader Speed Launcher" => Key deleted successfully.
EmptyTemp: => Removed 569.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:40:52 ====
Beim anderen Prog muss ich schauen, hab hier leider sehr wenig Traffic.

Kann ich schon mal probieren mit dem W7 Update und schauen ob das sich noch immer wiederholt? Oder brauchts noch extra Schritte?

Edit: Anscheinend hat's noch nichts gebracht. Windows Update spinnt noch immer.. hab's gerade installiert und nach einer Minute kam wieder die Meldung, es gäbe neue Updates.. und wieder ist's das gleiche Update.

schrauber 09.03.2015 13:13
welches genau? KB Nummer? Wir lassen nach EEK noch ein Repair Tool für WIndows laufen.

Zenon49 10.03.2015 02:27
Zitat:
Zitat von Zenon49 (Beitrag 1437395)
Ich weiß leider nichtmal genau ob man das als Schädling einstufen kann.

Ich habe seit Mai 2014 ein bestimmtes Sicherheitsupdate von Windows 7 (64bit), das sich ständig neu installieren will. Es wird im Windows Update Verlauf wie folgt gelistet und ist an manchen Tagen etwa 5x vertreten:
Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2871997)

Naja das Problem ist, egal wie oft ich's installiere (es wird mir auch gemeldet, dass es korrekt installiert wurde), nach 5 Minuten kommt dann aber die Meldung(es muss nichtmal ein Neustart erfolgt sein): Neue Updates sind verfügbar - 1 wichtiges Update ist verfügbar!
Und ebendieses Update ist immer das gleiche ->(KB2871997)

Screenshot:
abload.de/img/kb2871997_543573803ryi.jpg

Ich hab' vor einiger Zeit einen Windows Update Fix probiert, aber das war ohne Erfolg und so blieb das Problem bestehen. Hat jemand vielleicht Rat oder kennt diese Problematik?
Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2871997)

Das andere Programm kann ich vermutlich frühstens in einer Woche installieren, wenn ich wieder Wlan und kein mobiles Inet habe.

Edit:
Einige Zwischenfragen an die Experten...

1. So gut wie jegliche MHT Dateien sind infiziert?!?! Das sind doch lediglich Speicherungen von Webpages! Kann man dem bei Speicherung IRGENDWIE vorbeugen? Eben in Anbetracht eines OFFLINE Webarchives von Seiten??? Und kann ich den IFrame.Exploit nachträglich fixen/beheben ohne den Inhalt der Datei zu verlieren???

2. Höchst interessant ist: Einige meiner Mails sind offebar infiziert.. dabei habe ich diese Mails nie geöffnet, Thunderbird hat mir die einfach mit Anhang auf den Rechner gezogen.. kann man dem nicht irgendwie vorbeugen? Ich würde gerne Thunderbird weiter nutzen, aber anscheinend ist es eine Unmöglichkeit Mails OHNE MITLADEN des Anhanges zu betrachten/zu speichern (nur laden des Headers finde ich etwas zu mager). Oder was habt Ihr hier für Tipps?! Vielleicht irgendwie in Kombination mit Sandboxie?

3. Any False-Positives hier?

Ich hab' bis jetzt noch nichts entfernt, warte noch auf Feedbeck.

Danke im Voraus!

Hier die Logdatei:
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 09.03.2015 20:14:52
Benutzerkonto: acer-a-5750g\*****

Scan-Einstellungen:

Scan Methode: Eigener Scan
Objekte: Rootkits, Speicher, Traces, C:\, I:\, J:\, K:\, Z:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:        09.03.2015 20:16:57
C:\Users\*****\AppData\Local\software        gefunden: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1054\SOFTWARE\GAMESPY\GAMESPY ARCADE        gefunden: Adware.Win32.Gaspacade (A)
Value: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\W3I, LLC        gefunden: Application.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir        gefunden: Application.Win32.WebToolbar (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir        gefunden: Application.BrowserExt (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir        gefunden: Adware.SearchProtect.W (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME    7)        gefunden: Exploit.Iframe.Vulnerability (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME    11)        gefunden: Exploit.Iframe.Vulnerability (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME    17)        gefunden: Exploit.Iframe.Vulnerability (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME    2)        gefunden: Exploit.Iframe.Vulnerability (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 61) -> [Subject: =?utf-8?q?Ihr vorliegendes Girokonto i][Date: Fri, 12 Dec 2014 08:24:55 GMT] -> (MIME part) -> Rechnung 12.12.2014 - Inkasso Ebay AG.z -> Rechnung nicht gedeckten Lastschrift Ihrer Bestellung Ebay AG vom 12.12.2014.zip -> Forderung 12.12.2014 - Inkasso Ebay AG.com        gefunden: Trojan.GenericKD.2023495 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 96) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0000        gefunden: Trojan.Nsis.Androm.3 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 96) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0002        gefunden: Trojan.GenericKD.2057723 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 161) -> [Subject: =?utf-8?q?Rechnung f=C3=BCr ***** Zer][Date: Wed, 4 Feb 2015 10:09:10 GMT] -> (MIME part) -> Forderung an *** *** 04.02.2015 - -> Ausgleich nicht gedeckten Lastschrift Ihrer Bestellung Bank Payment GmbH vom 04.02.2015.zip -> *** *** Ausgleich 04.02.2015 - Inkasso Bank Payment GmbH.com        gefunden: Trojan.GenericKD.2143335 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 61) -> [Subject: =?utf-8?q?Rechnung f=C3=BCr ***** Zer][Date: Wed, 4 Feb 2015 10:09:10 GMT] -> (MIME part) -> Forderung an *** *** 04.02.2015 - -> Ausgleich nicht gedeckten Lastschrift Ihrer Bestellung Bank Payment GmbH vom 04.02.2015.zip -> *** *** Ausgleich 04.02.2015 - Inkasso Bank Payment GmbH.com        gefunden: Trojan.GenericKD.2143335 (B)
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 122) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0000        gefunden: Trojan.Nsis.Androm.3 (B)
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 122) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0002        gefunden: Trojan.GenericKD.2057723 (B)
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 157) -> [Subject: =?utf-8?q?Ihr vorliegendes Girokonto i][Date: Fri, 12 Dec 2014 08:24:55 GMT] -> (MIME part) -> Rechnung 12.12.2014 - Inkasso Ebay AG.z -> Rechnung nicht gedeckten Lastschrift Ihrer Bestellung Ebay AG vom 12.12.2014.zip -> Forderung 12.12.2014 - Inkasso Ebay AG.com        gefunden: Trojan.GenericKD.2023495 (B)
Z:\EBOOKS\Chris Mansion - Resident Evil HD Remaster Wiki Guide - IGN.mht -> [Subject: Chris Mansion - Resident Evil HD Remas][Date: Mon, 02 Mar 2015 16:07:10 +0100] -> (MIME part) -> (message body) -> (IFRAME    10)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\GameFAQs_ Resident Evil (PS) Jill Speed Guide (1_25) by Last Cetra.mht -> [Subject: GameFAQs: Resident Evil (PS) Jill Spee][Date: Fri, 06 Mar 2015 01:45:12 +0100] -> (MIME part) -> (message body) -> (IFRAME    1)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME    1)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME    1)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME    1)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME    1)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME    1)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\Rezepte _ Divinity_ Original Sin _ RPGuides.mht -> [Subject: Rezepte | Divinity: Original Sin | RPG][Date: Sat, 03 Jan 2015 15:46:48 +0100] -> (MIME part) -> (message body) -> (IFRAME    1)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\Rezepte _ Divinity_ Original Sin _ RPGuides.mht -> [Subject: Rezepte | Divinity: Original Sin | RPG][Date: Sat, 03 Jan 2015 15:46:48 +0100] -> (MIME part) -> (message body) -> (IFRAME    2)        gefunden: Exploit.Iframe.Vulnerability (B)
Z:\Rezepte _ Divinity_ Original Sin _ RPGuides.mht -> [Subject: Rezepte | Divinity: Original Sin | RPG][Date: Sat, 03 Jan 2015 15:46:48 +0100] -> (MIME part) -> (message body) -> (IFRAME    3)        gefunden: Exploit.Iframe.Vulnerability (B)

Gescannt        800398
Gefunden        32

Scan-Ende:        10.03.2015 01:56:15
Scan-Zeit:        5:39:18

schrauber 10.03.2015 19:44
Lass mal ein paar der MHT Dateien bei Virustotal prüfen:

Dateien online auf Viren prüfen - so geht&#039;s - Anleitungen

Thunderbird kenne ich leider gar nicht.

Zenon49 11.03.2015 02:36
https://www.virustotal.com/de/file/26aaa049066da76bf3689b5b5760c79f967fd57dd08909f803b8524533ab8f20/analysis/1426016405/

https://www.virustotal.com/de/file/d930092eb25e9510487f3b984e187e9494fecd4f01179746bff225fc8323880f/analysis/1426016182/

https://www.virustotal.com/de/file/92b8511190dedef7976d4f2506cae4ef7d7a9a819462db68a6d25f46f3451c3f/analysis/1426016237/

https://www.virustotal.com/de/file/a72f32638531e544faa34107a0d08af12f3086da5a067678d33233f0e06c9a59/analysis/1426016681/

Einige finden etwas, einige finden nix.

Hab' mal folgendes probiert: hxxp://support.microsoft.com/kb/971058

Zunächst mit dem Tool. Dabei kam folgendes raus:
http://abload.de/img/windoof_up1z3yn3.jpg

Nach diesem Fixversuch hab ich versucht nach Updates zu suchen, das dauerte seeeehr lange,
dann erscheint BEVOR igendwelche Updates ÜBERHAUPT angezeigt werden das hier:
http://abload.de/img/windoof_up5_0xuf1.jpg

Leider bin ich dann nach dem Neustart wieder an der gleichen Stelle und nach dem Suchen kommt WIEDER:
http://abload.de/img/windoof_up5_0xuf1.jpg

Nungut, hab' dann einen sauberen Neustart (hxxp://support.microsoft.com/kb/929135) probiert, doch ohne Erfolg. Kann so oft ich will neustarten, es bringt nix.

Danach hab' ich die manuelle Anleitung befolgt(hxxp://support.microsoft.com/kb/971058). Bei der Registrierung einiger DLLs kamen jedoch diverse Fehler..
http://abload.de/img/registerdll_errorwuuld.jpg

Und bei der Installation des neusten Windows Update-Agents kam leider ein Fehler...
http://abload.de/img/windows_update_agent_hqs5i.jpg

Ich fürchte die Windows-Update Funktion ist nun gänzlich im EIMER.
Noch irgendwelche Ideen wie man das fixen kann?!


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:14 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131